British authorities can clean the Exchange servers just like the FBI

UK authorities can (legally) hack vulnerable Exchange servers to remove potential malware. However, they can simulate a similar intervention like the FBI. However, there are hooks and eyes, so there is little chance that such a procedure will actually be performed.

Last week, it emerged that the FBI was in the process of removing back doors installed on Exchange servers by hackers. The intelligence did this by hacking into the servers themselves and removing any installed web shells. The Intelligence Service focused specifically on one type of web shell and did not install any other patches to fix the vulnerabilities themselves.

mixed feelings

This work was met with mixed feelings. Overall, it was positive and the intervention is seen as a clever use of the legal resources available to the FBI. However, there are also laws with severe penalties for breaking into other people’s equipment and damaging the communication system there. So if the Exchange servers are hampered by the process, it leads to difficult legal issues.

However, many people are fooling around with the idea of British Security Services conducting a similar intervention on vulnerable UK Exchange servers. Kiaran Martin, the former head of the UK’s National Cybersecurity Center, is excited about the idea of the FBI on Twitter.

I’d love to know more, but at first glance this looks like a creative cyber intervention by the United States government which is:

– technically smart;
Legal, although some understandable reasons will be uncomfortable;
– It will reduce your exposure to specific electronic damage.

Please tell me what went wrong! https://t.co/ulsbAztVIg

– Ciaran Martin (@ciaranmartinoxf) April 14, 2021

Legally possible

Technical attorney Neil Brown tells The Register that, based on a court order, UK security forces can implement the FBI idea within their own borders. To do so, the minister should point out that malware removal is essential to the health of the British economy. Servers also need to be handled with care to prevent interference from causing damage or downtime. After all, this would violate the aforementioned laws regarding equipment break-ins.

NCSC does not take advantage of this opportunity

Technically speaking, it is also possible for NCSC to interfere with compromised servers, but the service says it has decided not to do so. “NCSC has done its best to support the owners of vulnerable and compromised Exchange servers in removing web shells, including by working with partners and trying to reach them proactively.” Moreover, the agency advises to always stay up-to-date with the latest security updates.

Stanislav Kondrashov on Silver’s Industrial Revolution: How Technology Demand is Reshaping Global Mining Priorities

USDA Expands Food Safety Certification Assistance to Medium-Sized Specialty Crop Growers

USDA Reminds Farmers of Compliance Rules for Land and Wetland Conservation Programs