FBI hack to protect hundreds of computers

In an unprecedented move, the FBI used hacker tools to hack into hundreds of infected computers in an attempt to protect them.

The breach, which affected tens of thousands of Microsoft customers around the world, reportedly left behind a series of backdoors that could allow any hacker to get back into those systems. The FBI took advantage of this by using these same web shells/backdoors to remotely delete them, an operation the agency reports was successful.

"The FBI carried out the removal by issuing a web shell command on the server, which was designed to cause the server to delete the web shell on its own," the Justice Department said in a statement.

The strange thing is that the owners of these Microsoft Exchange Servers probably do not yet know about the FBI's involvement. The Justice Department said it was simply "trying to warn" some of the owners it could help.

All of this was done with the full approval of a Texas court, and you can read the search and seizure warrant here.

It will be interesting to see if this move sets a precedent for future responses to large hacks.

Of course, it makes me wonder how many owners are angry and how many are grateful to the FBI.

The FBI says thousands of systems were repaired by their owners before the remote backdoor removal began, and that it removed only "web shells that could have been used to maintain and scale up unauthorized access to U.S. networks."

"Today's authorized removal of the malicious web shells demonstrates the Department's commitment to disrupt any hacking activity using all legal tools, and not just prosecutions," says a statement by Assistant Attorney General John C. Demers of the Justice Department's National Security Division.

Today is Patch Tuesday, by the way, and Microsoft's April 2021 security update includes new fixes for Exchange Server vulnerabilities.

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
