Comment UK authorities could lawfully copy the FBI and forcibly remove web shells from compromised Microsoft Exchange server deployments – but some members of the British infosec industry are remarkably quiet about whether this would be a good thing.
In the middle of last week the American authorities made waves after deleting web shells from Exchange Server deployments compromised in the Hafnium attacks. The agency had gone to the US federal courts for permission, which it received.
The entire infosec world had been bellowing at IT admins to update and mitigate the vulns, which were being exploited by skilled and malicious people who found the remote-code-execution bug. Nonetheless, some laggards still hadn't bothered – and with compromised boxen providing a useful base for criminals to launch further attacks from, evidently the FBI felt the wider risk was too great not to step in.
The move didn't go unnoticed in the UK. Former National Cyber Security Centre chief Ciaran Martin praised it on Twitter:
Would love to know more, but at first glance this looks like a creative US Gov’t cyber intervention that is:
- technically astute;- lawful, though some will understandably be uneasy;- going to reduce vulnerability to specific cyber harm.
Please tell me what I’ve got wrong! https://t.co/ulsbAztVIg
— Ciaran Martin (@ciaranmartinoxf) April 14, 2021
Could NCSC have copied the FBI and done such a thing over here? Although the initial re ..