CybersecurityThe FBI Is Breaking into Corporate Computers to Remove Malicious Code – Smart Cyber Defense or Government Overreach?
The FBI has the authority right now to access privately owned computers without their owners’ knowledge or consent, and to delete software. It’s part of a government effort to contain the continuing attacks on corporate networks running Microsoft Exchange software, and it’s an unprecedented intrusion that’s raising legal questions about just how far the government can go.
The FBI has the authority right now to access privately owned computers without their owners’ knowledge or consent, and to delete software. It’s part of a government effort to contain the continuing attacks on corporate networks running Microsoft Exchange software, and it’s an unprecedented intrusion that’s raising legal questions about just how far the government can go.
On April 9, the United States District Court for the Southern District of Texas approved a search warrant allowing the U.S. Department of Justice to carry out the operation.
The software the FBI is deleting is malicious code installed by hackers to take control of a victim’s computer. Hackers have used the code to access vast amounts of private email messages and to launch ransomware attacks. The authority the Justice Department relied on and the way the FBI carried out the operation set important precedents. They also raise questions about the power of courts to regulate cybersecurity without the consent of the owners of the targeted computers.
As a cybersecurity scholar, I have studied this type of cybersecurity, dubbed active defense, and how the public and private sectors have relied on each other for cybersecurity for years. Public-private cooperation is critical for managing the wide range of cyber threats facing the U.S. But it poses challenges, including determining how far the government can go in the name of national security. It’s also important for Congress and the courts to oversee this balancing act.
Exchange Server Hack
Since at least January 2021, hacking groups have been using zero-day exploits – meaning previously unknown vulnerabilities – in Microsoft Exchange to access email accounts. The hackers used this access to insert web shells, software that allows them to remotely control the compromised systems and networks. Tens of thousands of email users and organizations have been affected. One result has been a series of ransomware attacks, which encrypt victims’ files and hold the keys to decrypt them for ransom.
On March 2, 2021, Microsoft announced that a hacking group code named Hafnium had been using multiple zero-day exploits to install web shells with unique file names and paths. This makes it challenging for administrators to remove the malicious code, even with the tools and patches Microsoft and cybersecurity firms have released to assist the victims.
