The FBI Is Hacking Into Private Computers, But It's Totally Fine
Early this year, a group of hackers associated with the Chinese government, known as Hafnium, exploited a vulnerability in Microsoft's Exchange Server. The attack allowed them to gain access to over 60,000 servers, including those of major corporations and banks.
This attack is separate from the SolarWinds hack that affected thousands of customers last year through a backdoor vulnerability in the company's software. In that case, a Russian group was able to piggyback on SolarWinds' software, which, when installed via an update on client networks, allowed the hackers to deploy malicious code. Microsoft worked with FireEye to cut off that attack by sinkholing the domain used to send the malware further instructions.
This attack was different, in that it took advantage of a known security flaw that affected on-premises Exchange servers. In what is known as a zero-day attack, hackers were able to exploit the vulnerability without any interaction from the user, and without the user knowing that malicious code had been placed on the server. The breach was so widespread that the Biden administration called for a "whole of government response."
It appears Microsoft was first notified of the problem in January, but did not release a patch until March. That was also the first time the issue was acknowledged publicly. During that time, hackers had access to sensitive information at thousands of companies, government agencies, and other organizations.
Since then, many were able to patch the flaw and remove the malicious code, known as web shells. Some users, however, had yet to mitigate the attack. Even where the patch had been installed, the government said, a few hundred organizations had not removed the web shells from infected servers.
That left them vulnerable not only to the original hackers but, once the backdoor became public, to other groups that took advantage of the same exploit.
In a statement, the Department of Justice said:
Throughout March, Microsoft and other industry partners released detection tools, patches and other information to assist victim entities in identifying and mitigating this cyber incident. Additionally, the FBI and the Cybersecurity and Infrastructure Security Agency released a Joint Advisory on Compromise of Microsoft Exchange Server on March 10. Despite these efforts, by the end of March, hundreds of web shells remained on certain United States-based computers running Microsoft Exchange Server software.
Now, with the blessing of a Federal Court in Houston, Texas, the Federal Bureau of Investigation is using the same set of tools the hackers used, and is accessing servers to remove malicious code. In most cases, this is happening without the knowledge or awareness of the server's owner.
I think it's fair to say that this is unprecedented. The federal government isn't usually allowed to hack in and remove content from a computer network. I'm not suggesting that what they did was illegal; it clearly wasn't, hence the order from a judge. It does reveal that the federal government has extraordinary capabilities when it comes to cybersecurity.
Just yesterday, The Washington Post reported how the FBI was able to unlock the iPhone of the San Bernardino shooter. The agency used an Australian firm, Azimuth, to develop a way to access the device at the center of a huge battle between Apple and federal law enforcement.
In this case, the government felt that the risk of further compromise for the companies involved warranted drastic action. "This court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers shows our commitment to use any viable resource to fight cybercriminals," said Acting U.S. Attorney Jennifer B. Lowery of the Southern District of Texas.
Essentially, the government is suggesting that if companies won't take steps to protect their network and eliminate cyber threats, it's willing to step in and flex its own cyber muscles. That means if you'd like to keep the FBI out of your business in the future, keep the backdoor closed.