FBI hacks vulnerable US computers to fix malicious malware

Lightwreather

Summary

US justice department says bureau hacked devices to remove malware from insecure software

 

Quote

The FBI has been hacking into the computers of US companies running insecure versions of Microsoft software in order to fix them, the US Department of Justice has announced.

The operation, approved by a federal court, involved the FBI hacking into “hundreds” of vulnerable computers to remove malware placed there by an earlier malicious hacking campaign, which Microsoft blamed on a Chinese hacking group known as Hafnium.

Hafnium’s operation placed backdoors into “tens of thousands” of servers running Microsoft’s Exchange software, which allows businesses to manage emails, contacts and calendars for their employees. It took advantage of a weakness in the servers, now fixed, to plant the malware, which allowed the hackers to return at a later date.

The FBI’s campaign uses the same weakness in the “hundreds” of servers that have still not been patched to hack the hackers – breaking into the vulnerable computers and removing the backdoors entirely.

“Today’s court-authorised removal of the malicious web shells demonstrates the Department’s commitment to disrupt hacking activity using all of our legal tools, not just prosecutions,” the US Department of Justice’s assistant attorney general, John C Demers, said.

The FBI says it is “attempting” to notify all the owners of the affected computers, either by sending them an email from an official FBI email account, or emailing their internet service providers.

Benevolent hacking, also called a “white hat” hack, is rare, particularly from state actors, but not unheard-of. In 2016, a widespread weakness in internet-of-things devices led to the creation of a botnet called Mirai, which allowed criminals to seize millions of devices and direct them at websites and services, overwhelming them with traffic and crashing them.

 

My thoughts

Quite frankly, I find this hilarious: "hacking to fix another hack". But yeah, this is an unusual event, especially coming from a government agency. This might be a good thing if they use this to secure more stuff, but there might also be a bad side.

If only they stopped using Windows 95 devices /s

 

Sources

https://www.theguardian.com/technology/2021/apr/14/fbi-hacks-vulnerable-united-states-computers-to-fix-hack-malicious-malware-microsoft-exchange-software

"A high ideal missed by a little, is far better than low ideal that is achievable, yet far less effective"

 

If you think I'm wrong, correct me. If I've offended you in some way tell me what it is and how I can correct it. I want to learn, and along the way one can make mistakes; Being wrong helps you learn what's right.

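The article above is about web shells left on unpatched Exchange servers and their removal. As an added example, not code from the article, the FBI operation or any post in this thread, here is a heuristic triage scanner an administrator could run over an ASP.NET web root to list shell-like pages for manual review; the regexes, file names and sample pages are constructed for the demo and are not published indicators.

```python
"""Heuristic web-shell triage for an ASP.NET web root (added example).

Flags pages that BOTH read request input AND reach a code-execution or
file-write primitive; the output is a triage list for a human to confirm
against vendor guidance before anything is deleted. Samples are constructed.
"""
import os
import re
import tempfile

# Ways a page reads attacker-controllable input (standard ASP.NET APIs).
INPUT_PATTERNS = {
    "request_param": re.compile(r'Request(\.Item|\.Form|\.QueryString)?\s*\[\s*"[^"]*"\s*\]'),
    "request_stream": re.compile(r"Request\.(InputStream|Files)\b"),
}
# Primitives a backdoor needs to run commands, load code or drop files.
EXEC_PATTERNS = {
    "eval": re.compile(r"\beval\s*\(", re.IGNORECASE),
    "process_start": re.compile(r"Process\.Start|ProcessStartInfo"),
    "assembly_load": re.compile(r"Assembly\.Load"),
    "file_write": re.compile(r"File\.Write(AllBytes|AllText)|new FileStream\("),
}
WEB_EXTENSIONS = (".aspx", ".ashx", ".asmx")


def classify_source(src):
    """Return (input indicators, exec indicators) found in one page's source."""
    inputs = [name for name, pat in INPUT_PATTERNS.items() if pat.search(src)]
    execs = [name for name, pat in EXEC_PATTERNS.items() if pat.search(src)]
    return inputs, execs


def scan_tree(root):
    """Walk root; return (path, inputs, execs) for every page with both halves."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(WEB_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    src = fh.read()
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            inputs, execs = classify_source(src)
            # Input alone is an ordinary form page and exec alone may be an
            # admin tool; only the combination looks like a shell.
            if inputs and execs:
                findings.append((path, inputs, execs))
    return findings


# Constructed samples; none is a functional page.
BENIGN_PAGE = '<%@ Page Language="C#" %><% string p = Request["page"]; Response.Write(p); %>'
ADMIN_TOOL = '<%@ Page Language="C#" %><% Process.Start("iisreset"); %>'
SHELL_LIKE = '<%@ Page Language="C#" %><% string c = Request["cmd"]; var psi = new ProcessStartInfo(); %>'


def demo():
    """Write the samples into a temp web root, scan it, return flagged file names."""
    samples = {"default.aspx": BENIGN_PAGE, "tool.aspx": ADMIN_TOOL,
               os.path.join("app", "shell.aspx"): SHELL_LIKE, "notes.txt": SHELL_LIKE}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app"))
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return sorted(os.path.basename(p) for p, _, _ in scan_tree(root))
```

Only the page that combines request input with a process-start primitive is listed; the form page, the admin tool and the non-page text file are left alone, which is the point of requiring both halves.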

I guess thank you, FBI - but what's extremely concerning to know is that the FBI can carry out unauthorised modifications to private software installations with full backing of the authorities (themselves) for essentially non-criminal evidence gathering reasons.

 

Scary world.


State-funded hacking for fixing companies' IT 🤦‍♂️

Hi

 


by fix they probably mean add their own backdoor lmfao, glad I don't run a Windows 95 server or any Windows device accessible by the greater IoT.

AMD blackout rig

 

cpu: ryzen 5 3600 @4.4ghz @1.35v

gpu: rx5700xt 2200mhz

ram: vengeance lpx c15 3200mhz

mobo: gigabyte b550 auros pro 

psu: cooler master mwe 650w

case: masterbox mbx520

fans:Noctua industrial 3000rpm x6

 

 


Some more background to the story:

https://www.justice.gov/usao-sdtx/pr/justice-department-announces-court-authorized-effort-disrupt-exploitation-microsoft

 

Pretty interesting reaction by the FBI after they've been getting roasted to hell by the security community recently about their incompetence on the cybersecurity side. Would be interesting to see a government agency running white-hat operations using proof-of-concept exploits to patch them in the future too.

 

 

However:

What they're obviously not telling us is that they are indeed fixing and patching these vulnerabilities as the court order allows them to do.

But one doesn't have to be a conspiracy theorist to understand that there probably are other secret court orders which are authorizing them to do other things too - while they're already there in the system. Obviously.

 

Who'd have thought this old meme finally became relevant in 2021 all of a sudden?


6 minutes ago, Furiku said:

Some more background to the story:

https://www.justice.gov/usao-sdtx/pr/justice-department-announces-court-authorized-effort-disrupt-exploitation-microsoft

 

Pretty interesting reaction by the FBI after they've been getting roasted to hell by the security community recently about their incompetence on the cybersecurity side. Would be interesting to see a government agency running white-hat operations using proof-of-concept exploits to patch them in the future too.

 

 

However:

What they're obviously not telling us is that they are indeed fixing and patching these vulnerabilities as the court order allows them to do.

But one doesn't have to be a conspiracy theorist to understand that there probably are other secret court orders which are authorizing them to do other things too - while they're already there in the system. Obviously.

 

Who'd have thought this old meme finally became relevant in 2021 all of a sudden?

This is very tinfoil hatty...

 

I'm surprised they got a court order to allow this but there is ZERO chance the courts would give them power to gather evidence/intelligence illegally.

 

That said, if the intent is to gather illegal intelligence then why would they even tell the courts at all?

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


if a business still uses XP for their PCs then they maybe deserve to be hacked


Just now, Haraikomono said:

if a business still uses XP for their PCs then they maybe deserve to be hacked

Very ignorant post.

 

See the recent MS Exchange Server 0-day exploit that affected Server 2013, 2016 & 2019...

https://www.zdnet.com/article/update-immediately-microsoft-rushes-out-patches-for-exchange-server-zero-day-attacks/


9 minutes ago, Haraikomono said:

if a business still uses XP for their PCs then they maybe deserve to be hacked

Yeaaaaahh not that simple - there are a crapton of machines using XP in factory environments because the software you need to run those machines only works properly on Windows XP and you can't even try to put it in a VM; and either there is no alternative for that use case, or the alternative means changing the machinery completely, which makes the cost of the upgrade skyrocket and just not worth it.

 

46 minutes ago, Drama Lama said:

State-funded hacking for fixing companies' IT 🤦‍♂️

Well, I can think of far worse uses for the taxpayers' money - a public hack prevention system is not a terrible idea, except for the fact that they could very very very very very VERY easily abuse their capacity, like, for example...

26 minutes ago, Letgomyleghoe said:

by fix they probably mean add their own backdoor lmfao

Though in reality, they probably used their already present backdoor to put a brick wall on others' backdoors.

I mean, how dare they hack US computers?! Only they can hack US citizens and businesses!


4 minutes ago, Rauten said:

Yeaaaaahh not that simple - there are a crapton of machines using XP in factory environments because the software you need to run those machines only works properly on Windows XP and you can't even try to put it in a VM; and either there is no alternative for that use case, or the alternative means changing the machinery completely, which makes the cost of the upgrade skyrocket and just not worth it.

Those machines running XP in factories or other control systems don't need to be, and shouldn't be, connected to the internet though. If a machine needs internet connectivity, it shouldn't be running an outdated operating system that is no longer receiving security updates. That being said, this doesn't really relate to the news article in question and I'm not really sure why it was even brought up.


21 minutes ago, Master Disaster said:

This is very tinfoil hatty...

 

I'm surprised they got a court order to allow this but there is ZERO chance the courts would give them power to gather evidence/intelligence illegally.

 

That said, if the intent is to gather illegal intelligence then why would they even tell the courts at all?

lmfao, sure this sounds bogus, but look further into the US government, be it the FBI or the NSA specifically, and it doesn't seem that far off.

 

https://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html

 

https://www.pbs.org/newshour/world/intelligence-officials-collect-private-explicit-video-chat-images

 

https://www.pcmag.com/news/report-nsa-secretly-spied-on-yahoo-google-data-centers

 

most of this is from the Snowden leaks; whether or not you'd like to believe these is up to you, but I wouldn't put it past the NSA or FBI.


6 minutes ago, The_russian said:

Those machines running XP in factories or other control systems don't need to be, and shouldn't be, connected to the internet though. If a machine needs internet connectivity, it shouldn't be running an outdated operating system that is no longer receiving security updates. That being said, this doesn't really relate to the news article in question and I'm not really sure why it was even brought up.

this is just willful ignorance, lots of POS systems still use XP or other such outdated operating systems and need to be connected to the internet.

 

updating every POS for a nationwide company can cost millions if not more, along with development of new software, and testing for bugs and security on the new software. Sometimes it's safer/more reliable to keep using the software that you know works.


42 minutes ago, Letgomyleghoe said:

lmfao, sure this sounds bogus, but look further into the US government, be it the FBI or the NSA specifically, and it doesn't seem that far off.

 

https://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html

 

https://www.pbs.org/newshour/world/intelligence-officials-collect-private-explicit-video-chat-images

 

https://www.pcmag.com/news/report-nsa-secretly-spied-on-yahoo-google-data-centers

 

most of this is from the Snowden leaks; whether or not you'd like to believe these is up to you, but I wouldn't put it past the NSA or FBI.

This kind of stuff is always fascinating to me, spying and espionage; it's a really interesting topic.

 

As I said, it's not that it doesn't happen, only that when it does the authority does not come from a judge/court order.

 

Judges exist to uphold and serve the law and court systems are built on certain doctrines, the important one here is reasonable suspicion.

 

If I went to a judge and said "Well, your honour, I suspect letgomyleghoe is sharing movies illegally using the LMG forums", the first thing the judge would ask for is evidence to back the suspicion up. At this stage it doesn't really need to be concrete; anecdote, conjecture & hearsay will do, so if I said "I've had reports from users on the site that it is happening" the judge has the power to grant the order; if I said "it's just a hunch" he'd tell me to go away and come back with something.

 

As far as the judge is concerned, any potential evidence gathered has to be admissible as evidence in a court and granting a court order based on a hunch gives the defence a get out of jail free card (literally).

 

If you read the articles you linked you'll notice a pattern, they were (apparently) authorised by executive order, not court order.

 

People who the FBI/NSA are hacking into illegally are likely never going to end up in front of a judge anyway; it's purely about intelligence, not evidence gathering.

 

In this case, if I had to guess I'd say the FBI used national security to get permission. It's likely they're targeting Exchange servers and are worried (probably even have proof it's happening) that foreign governments are exploiting the flaw to extract secrets about top US companies.

 

China, Russia & North Korea would all be very interested in finding out the dirty secrets of the Wall Street Top 100.

 

39 minutes ago, Letgomyleghoe said:

this is just willful ignorance, lots of POS systems still use XP or other such outdated operating systems and need to be connected to the internet.

 

updating every POS for a nationwide company can cost millions if not more, along with development of new software, and testing for bugs and security on the new software. Sometimes it's safer/more reliable to keep using the software that you know works.

Gotta disagree on this one. Terminals, dumb clients & POS systems need access to an intranet, absolutely. They do not need access to the internet.

 

Firewalls, routing & subnets exist for exactly this reason.


1 hour ago, Master Disaster said:

This is very tinfoil hatty...

 

I'm surprised they got a court order to allow this but there is ZERO chance the courts would give them power to gather evidence/intelligence illegally.

 

That said, if the intent is to gather illegal intelligence then why would they even tell the courts at all?

I feel like you've never heard the term "National Security Letter" (NSL) before? It's really scary when they show up with two in suits. That's when you know you've got a very serious problem on your hands.

 

As for the topic, I think the proper context to view this in would be for future use. It makes a lot of sense, from a National Security perspective, to actually infiltrate the network of a domestic company that's been infiltrated already and plant a tracking system or counter-measure to the attack vector. They can already do this for Government Systems, which is probably why they tend to be "smash & grab" attacks (after proper development). Frankly, this is just legal authority for the FBI to do what the NSA would do to any foreign server they've found someone else has exploited.

 

Basically, all it means is the FBI can do what they'd ask the GCHQ to do for them, via secondary channels. In this instance, it's little different than someone locking your door & closing it after it's been left open.

 

That said, of course there are going to be National Security Court orders as well around this stuff. That's a given. Not happy about that, but actual White Hat operations aren't a bad thing.


I'm not sure how I feel about this. On one hand this was an unprecedented security exploit that needs to be fixed ASAP. On the other hand I'm very worried about the slippery slope this leads to. It's going to turn into the same thing scammers do. They go "Look, we found some malware on your computer (that we put there), want to give us remote access to get it off?" while they go and install more and steal all your information. Except this time the government will just do it, replacing discovered backdoors with their own undiscovered ones.


Tax payer dollars being used to fix problems that only exist because companies neglect what's not profitable.


Who needs an IT department when you can just have the FBI patch your computers for you? Now they just need to start patching zero-days as well. 😉


And what if that code was booby-trapped? FBI removes the code, and a sub-process starts to wipe server data inside the network.

 


6 hours ago, Master Disaster said:

This is very tinfoil hatty...

 

I'm surprised they got a court order to allow this but there is ZERO chance the courts would give them power to gather evidence/intelligence illegally.

 

That said, if the intent is to gather illegal intelligence then why would they even tell the courts at all?

Because once the court says they can, it stops being illegal duh /s


7 hours ago, whispous said:

I guess thank you, FBI - but what's extremely concerning to know is that the FBI can carry out unauthorised modifications to private software installations with full backing of the authorities (themselves) for essentially non-criminal evidence gathering reasons.

 

Scary world.

I want to make so many political arguments to this. But...yes, the thing you are concerned about is a fundamental pillar of certain political viewpoints. It has an extremely dark side that, historically, man (as in all humanity) has never had the willpower to successfully resist falling to long term.


17 minutes ago, DavidKalinowski said:

Because once the court says they can, it stops being illegal duh /s

Except it doesn't; they have to demonstrate reasonable suspicion, otherwise it remains very much still illegal even with a court order, which was kind of my point.

 

They can't just decide they want a court order to gather evidence against someone because they feel like it, and no court is ever going to grant a warrant outside of the law; if they do, it is invalid and any action taken against it is automatically unlawful.

 

This is why executive orders are used to authorise any kind of covert/illegal activity (as far as we know at least).


26 minutes ago, Master Disaster said:

Except it doesn't; they have to demonstrate reasonable suspicion, otherwise it remains very much still illegal even with a court order, which was kind of my point.

 

They can't just decide they want a court order to gather evidence against someone because they feel like it, and no court is ever going to grant a warrant outside of the law; if they do, it is invalid and any action taken against it is automatically unlawful.

 

This is why executive orders are used to authorise any kind of covert/illegal activity (as far as we know at least).

I guess you missed my /s for sarcasm 😉


9 hours ago, The_russian said:

Those machines running XP in factories or other control systems don't need to be, and shouldn't be, connected to the internet though. If a machine needs internet connectivity, it shouldn't be running an outdated operating system that is no longer receiving security updates. That being said, this doesn't really relate to the news article in question and I'm not really sure why it was even brought up.

/me looks at the crap Core 2 Duo I'm rebuilding (again) to have a spare for a million+ dollar printing press that cannot be updated to Windows 10. Literally /cannot/ be updated.

 

There's a 150K dollar upgrade to 10 to run the control software in a VM? But due to the way 10 works, it's less reliable and more prone to breaking down. (THIS IS FROM THE VENDOR THAT HAS TO SUPPORT IT.)


And at no point did any of them leave a Rick Roll.

 

Amazing. 

PC - NZXT H510 Elite, Ryzen 5600, 16GB DDR3200 2x8GB, EVGA 3070 FTW3 Ultra, Asus VG278HQ 165hz,

 

Mac - 1.4ghz i5, 4GB DDR3 1600mhz, Intel HD 5000.  x2

 

Endlessly wishing for a BBQ in space.


11 minutes ago, Tieox said:

And at no point did any of them leave a Rick Roll.

 

Amazing. 

The Gov isn't known for their sense of humor.
