In an unprecedented move, the FBI used hacking tools to break into hundreds of infected computers in an attempt to protect them.
The breach, which affected tens of thousands of Microsoft Exchange Server customers around the world, reportedly left behind a series of backdoors (web shells) that could allow any attacker to get back into those systems. The FBI took advantage of this by using those same web shells to remotely delete them, an operation the agency reports was successful.
"The FBI carried out the takedown by issuing a web shell command to the server, which was designed to cause the server to delete the web shell itself," the U.S. Justice Department said in a statement.
The strange thing is that the owners of these Microsoft Exchange Servers probably do not yet know about the FBI's involvement. The Justice Department said it was simply "trying to warn" some owners who could be notified.
All this was done with the full approval of a Texas court, and you can read the search and seizure warrant here.
It will be interesting to see if this move sets a precedent for future responses to large-scale hacks.
Of course, it makes me wonder how many owners are angry and how many are grateful to the FBI.
The FBI reports that thousands of systems were cleaned up by their owners before the remote operation removed the backdoors, and that it removed only "web shells that could have been used to maintain and escalate unauthorized access to US networks."
"Today's court-ordered removal of malicious web shells demonstrates the Department's commitment to disrupt hacking using all legal tools, not just prosecution," said a statement from Assistant Attorney General John C. Demers of the Justice Department's National Security Division.
Today is Patch Tuesday, by the way, and Microsoft's April 2021 security update includes new fixes for Exchange Server vulnerabilities.