U.S. authorities revealed this week that the FBI executed a court-authorized cyber operation to remove malicious web shells from hundreds of compromised Microsoft Exchange servers located in the United States.
FBI agents removed the backdoors by issuing a command through the web shell to the server. The agency said these web shells may have been more challenging for individual server owners to detect and eliminate than other web shells.
The clean-up operation — the first known of its kind — was conducted without the knowledge of the hacked servers’ owners. The FBI is now working on notifying the owners and operators of the targeted systems.
SecurityWeek has reached out to experts from several companies for their thoughts on the FBI’s operation and its implications for the industry.
And the feedback begins...
Dr. David Brumley, CEO and co-founder, ForAllSecure:
“The effort by the FBI, as described in the Justice Department press release, amounts to the FBI gaining access to private servers. Just that should be a full stop that the action is not ok. While I understand the good intention — the FBI wants to remove the backdoor — this sets a dangerous precedent where law enforcement is given broad permission to access private servers.
As an analogy, would you want the FBI rattling your doorknob, checking if there is a master key available to criminals, and then replacing your lock without explicit consent? Of course not. That's not the role of law enforcement. Why would we want this in the digital domain?
There is a slippery slope if we go down this path. We don't want a future where the ..