UK authorities can legally hack vulnerable Exchange servers to remove potential malware, which would let them carry out an intervention similar to the FBI's. However, there are catches, so there is little chance that such an operation will actually be performed.
Last week, it emerged that the FBI was in the process of removing back doors installed on Exchange servers by hackers. The agency did this by hacking into the servers itself and removing any installed web shells. It focused specifically on one type of web shell and did not install any patches to fix the vulnerabilities themselves.
Mixed feelings
This work was met with mixed feelings. Overall, the reaction was positive, and the intervention is seen as a clever use of the legal resources available to the FBI. However, there are also laws with severe penalties for breaking into other people's equipment and damaging the communication systems on it. So if the Exchange servers are disrupted by the process, it leads to difficult legal issues.
Even so, many people are toying with the idea of the British security services performing a similar intervention on vulnerable UK Exchange servers. Ciaran Martin, the former head of the UK's National Cyber Security Centre (NCSC), expressed enthusiasm for the FBI's approach on Twitter.
Legally possible
Technology lawyer Neil Brown explains that the British security services could, on the basis of an order, implement the FBI's idea within their own borders. To do so, the minister would have to state that malware removal is essential to the health of the British economy. The servers would also need to be handled with care to prevent the intervention from causing damage or downtime. Otherwise, it would violate the aforementioned laws on breaking into equipment.
NCSC does not take advantage of this opportunity
Technically speaking, the NCSC could also intervene on compromised servers, but the agency says it has decided not to do so. “The National Civil Service Center has done its best to support the owners of compromised and compromised Exchange servers in removing web shells, including by working with partners and trying to reach them proactively.” The agency also advises always staying up to date with the latest security updates.