In a move that has been described as unprecedented, the FBI obtained a court order that allowed it to remove a backdoor program from hundreds of private Microsoft Exchange servers that were hacked through zero-day vulnerabilities earlier this year. The operation shows that the FBI is ready to take a more active approach in responding to cyber threats that goes beyond its traditional investigatory role, but also raises questions about where the limits should be with such actions.[ Learn 12 tips for effectively presenting cybersecurity to the board and 6 steps for building a robust incident response plan. | Sign up for CSO newsletters. ]
Why is the FBI cleaning Exchange servers?
Earlier this week, the Department of Justice announced that the FBI was granted a search and seizure warrant by a Texas court that allows the agency to copy and remove web shells from hundreds of on-premise Microsoft Exchange servers owned by private organizations. A web shell is a type of program that hackers install on hacked web servers to grant them backdoor access and remote command execution capabilities on those servers through a web-based interface.