The Department of Justice has announced that the FBI, with court approval, removed malware from hundreds of U.S. computers susceptible to Microsoft Exchange Server vulnerabilities that were uncovered earlier this year. Microsoft has blamed attacks using the flaws, estimated to affect hundreds of thousands of clients globally, on a Chinese state-sponsored hacking group called Hafnium.
Separately, The Washington Post has reported on how the FBI managed to unlock the San Bernardino shooter’s iPhone when Apple refused to help. Privacy advocates and security experts argued at the time that if the FBI succeeded in court at forcing Apple to open up “backdoors” for law enforcement, customers would be put at risk.
As it turns out, investigators instead paid $1 million to use an iPhone hacking tool developed by a small Australian company, Azimuth, which has since been acquired by U.S. defense contractor L3Harris.
Such efforts are raising concerns among cybersecurity experts. David Brumley, CEO of cybersecurity firm ForAllSecure and a professor at Carnegie Mellon University, told ZDNet that the FBI’s Microsoft Exchange operation “sets a dangerous precedent where law enforcement is given broad permission to access private servers.” Brumley warned of a “slippery slope.”
Combined, the San Bernardino and Microsoft disclosures show that the federal government has unusual clout when it comes to cybersecurity, writes Inc.com columnist Jason Aten. He suggests that if organizations or individuals want to keep the FBI from stepping into their networks to thwart hackers, they had better make sure their systems are secure themselves.
John Demers, assistant attorney general for the Justice Department’s National Security Division, said in a statement, “Today’s court-authorized removal of the malicious web shells demonstrates the Department’s commitment to disrupt hacking activity using all of our legal tools, not just prosecutions.