British authorities can clean up Exchange servers just like the FBI

UK authorities can (legally) hack vulnerable Exchange servers to remove potential malware, which means they could carry out an intervention similar to the FBI's. However, there are catches, so there is little chance that such a procedure will actually be performed.

Last week, it emerged that the FBI was in the process of removing back doors installed on Exchange servers by hackers. The agency did this by hacking into the servers itself and removing any installed web shells. It focused specifically on one type of web shell and did not install any patches to fix the underlying vulnerabilities.

Mixed feelings

This operation was met with mixed feelings. Overall, the reaction was positive, and the intervention is seen as a clever use of the legal resources available to the FBI. However, there are also laws with severe penalties for breaking into other people's equipment and damaging the communication systems on it. So if the Exchange servers are disrupted by the process, that leads to difficult legal issues.

Nevertheless, many people are toying with the idea of British security services conducting a similar intervention on vulnerable UK Exchange servers. Ciaran Martin, the former head of the UK's National Cyber Security Centre, expressed enthusiasm on Twitter about the FBI's idea.

Legally possible

Technology lawyer Neil Brown tells The Register that, based on a court order, UK security services can implement the FBI's idea within their own borders. To do so, the minister would have to argue that malware removal is essential to the health of the British economy. Servers also need to be handled with care so that the intervention does not cause damage or downtime. After all, that would violate the aforementioned laws on breaking into equipment.

NCSC does not take advantage of this opportunity

Technically speaking, it is also possible for the NCSC to intervene on compromised servers, but the service says it has decided not to do so. “NCSC has done its best to support the owners of vulnerable and compromised Exchange servers in removing web shells, including by working with partners and trying to reach them proactively.” Moreover, the agency advises always staying up to date with the latest security updates.
