Through a court-authorised operation, the FBI accessed private computers in the US to purge them of malicious code (backdoor web shells) installed by hackers who were involved in the recent breach of Microsoft Exchange email servers.
The high-profile breach, which Microsoft last month blamed on China, has reportedly affected at least 60,000 victims globally. Microsoft has since worked furiously to rectify Exchange’s vulnerabilities while Washington pleads for organisations to patch up.
Clearly, US authorities concluded that voluntary patching simply wasn’t enough.
The Department of Justice (DOJ), which oversees the FBI, said the operation successfully “removed one early hacking group’s remaining web shells which could have been used to maintain and escalate persistent, unauthorised access to US networks.”
However, the operation did not search for or remove additional malware or hacking tools that hacking groups may have placed on victim networks through the web shells. Network defenders should review Microsoft’s remediation guidance at https://t.co/JH68IUQPys. @CISAgov
— FBI (@FBI) April 14, 2021
It added, “The FBI conducted the removal by issuing a command through the web shell to the server, which was designed to cause the server to delete only the web shell (identified by its unique file path).”
But was this drastic move of accessing private computers justified? The DOJ noted that the backdoors that the FBI removed each had a unique file path and name. So individual server owners could’ve found them hard to detect and squash.
The DOJ did say that the FBI would attempt to notify all owners or operators of the computers affected by the operation. Still, this raises all sorts of questions about privacy.
The US has souring relations with China and Russia – the two countries most often blamed for large-scale hacks in America. So you can bet we’ll be seeing more of these operations in the future.