Article 43

 

Thursday, April 22, 2021

Legalized Hacking 2


Judge Rules FBI Can Hack Into Exchange Servers

By Trevor Collins
Security Simplified
April 21, 2021

For the last few months, we have seen Exchange Servers fall to vulnerabilities from the HAFNIUM attacks. Even after Microsoft released patches for the serious flaws, we continue to see attacks on Exchange Servers and hear of more Exchange Servers becoming compromised. This shouldn't be news, as many publications, including our own, have covered these vulnerabilities extensively. Additionally, Microsoft released their patches over a month ago. Yet in a recent report, the FBI found many compromised Exchange Servers that still have various threat actors' webshells installed.

Last week, though, the FBI took it a step further. In a court-approved action, the FBI identified compromised servers, connected to the servers through the webshell, and removed the malicious webshell left behind by the original threat actors. We can easily criticize the administrators who have allowed their Exchange Servers to stay compromised for so long, but that doesn't excuse the FBI for connecting to these Exchange Servers. According to the previously sealed court document, they don't need individual warrants to connect to these devices. This sets a precedent for the FBI to access any server and make changes on it with just a blanket warrant. I see this as a clear violation of property rights. One could argue that the FBI helped fix the server, but property rights don't have a stipulation that the government can access your property if they intend to help you. For example, if somebody put graffiti on the side of a business, the FBI does not have the right to cover over the graffiti without the owner's permission.

Administrators choose their software based on the features and security it provides. A Microsoft Exchange Server and the host operating system protect the server from any unauthorized change. When we buy the software, we expect that only authorized users can make changes on the servers and unauthorized users cannot. This creates a requirement for explicit permission for access. If you must bypass the normal expected route to make changes on the Exchange Server, then you do not have explicit permission from the owner to make these changes. The FBI has performed similar attacks in the past with the Coreflood botnet. This time, though, it looks like they connected directly to the Exchange Server to delete the webshell, whereas they removed Coreflood by sending it a command to delete itself from the command-and-control infrastructure they had previously taken over.

Ultimately, the court did not agree with me and gave an excessively wide warrant to the FBI. They could have asked for a warrant to identify the owners of the servers, but they didn't do this as far as we know. We have no way of knowing exactly how the FBI did this or what IP addresses they used.

The good news is that you can protect yourself from this happening to you by keeping your infrastructure secure in the first place. Protect your servers by ensuring they are updated. More importantly, though, the FBI shouldn't access servers that they don't own and whose owners haven't actually committed a crime.

SOURCE

Posted by Elvis on 04/22/21 •
Section Privacy And Rights • Section Microsoft And Windows