
Thread: FBI accessing hundreds of American computers

  1. #1

    FBI accessing hundreds of American computers

    Not updating your critical software? The FBI might just do it for you.

    The FBI has begun quietly accessing hundreds of American computers hacked through Microsoft’s Exchange email program, removing malicious code that the hackers left behind.

    The operation, which the Department of Justice announced Tuesday it had authorized with a warrant, highlights the severity of the Exchange vulnerability, which allowed scores of hackers to break into organizations since the beginning of the year.

    But it also raises concerns about the FBI's jurisdiction when remedying cyberattacks against Americans.

    In some major stings against botnets — giant armies of hacked computers that a hacker will direct to act as a group, often as part of criminal operations — the FBI will hack victims’ computers to remove the code that makes the computers unwilling perpetrators. But the agency’s reaction to the Exchange hack is an example of a far rarer phenomenon: actively removing malicious code from Americans’ computers simply to help them.

    Microsoft announced at the beginning of March that hackers working for the Chinese government had been exploiting flaws in the code of Exchange, its program that allows organizations to run their own email servers, to break into computers running that program. As Microsoft and other cybersecurity researchers began working on a fix, the vulnerability seemed to go viral among hackers, and a wide range of them began exploiting the vulnerability all over the world.

    A spokesperson for the Chinese Embassy in Washington, Wang Wenbin, said at the time that "China has reiterated on multiple occasions that given the virtual nature of cyberspace and the fact that there are all kinds of online actors who are difficult to trace, tracing the source of cyber attacks is a complex technical issue."

    Harvey Rishikof, the director of policy and cybersecurity research at the University of Maryland, said that the FBI action was a necessary step, given that cybersecurity has proven so difficult for many Americans.

    "In order to level the playing field, we have to be much more active, defensively. And this is a first step," he said.

    Many of the hackers who broke into victims’ computers through Exchange left simple scripts, called web shells, which give them the ability to remotely control those systems. While Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency launched awareness campaigns to alert potential victims and tell them how to remedy their systems, researchers have found that thousands of victims weren’t taking those steps.

    In a signed affidavit for the operation, an FBI agent whose name is redacted wrote that "most of these victims are unlikely to remove the remaining web shells because the web shells are difficult to find due to their unique file names and paths or because these victims lack the technical ability to remove them on their own."

    "By deleting the web shells, FBI personnel will prevent malicious cyber actors from using the web shells to access the servers and install additional malware on them," the agent wrote.

    The FBI will notify victims that the agency has removed the code, but isn’t required to do so before May 9, according to the terms of the warrant.

    Many of the web shells that the Exchange hackers left behind are simply copied and pasted code used against multiple victims. They require a password to enter, but since those passwords were often reused, it’s easy for an FBI agent to log in, make a copy of the web shell for evidence, and then delete it.

    Alan Butler, the president of the Electronic Privacy Information Center, a think tank that advocates for digital privacy, said that while the FBI appeared to be acting justly in this case, the Justice Department should be mindful with how it grants the agency that authority.

    "There are significant risks with these techniques — such as unintended destruction of data or misuse of the tools by government agents — that demand close oversight," he said in an email. "It is important that courts strictly limit such orders and that there be public oversight of these activities after the fact."
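    The affidavit quoted above says the leftover web shells were hard for victims to find because of their unusual file names and paths. The following scanner, added here as an illustration and not part of the article or of the FBI operation it describes, walks a web root, flags ASP.NET pages that carry several indicators typical of simple web shells, and records each file's SHA-256 before anyone decides to remove it. The directory layout, the indicator patterns and the two sample pages are all constructed for the demonstration; the "shell-like" sample only contains the tokens inside an HTML comment, so it is inert.

```python
"""Constructed example (not from the article or the FBI operation): a small
scanner that flags ASP.NET pages resembling web shells, so a defender can
find and preserve them as evidence before cleanup."""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# Heuristic indicators common to simple ASP.NET web shells (assumed patterns,
# not taken from any specific sample): request parameters flowing into an
# evaluator, a process launcher or a shell binary.
SUSPICIOUS_PATTERNS = {
    "request-input": re.compile(r"Request\.(Item|Form|QueryString|Params)", re.I),
    "eval": re.compile(r"\beval\s*\(", re.I),
    "process-start": re.compile(r"\bProcess(StartInfo)?\b"),
    "shell-binary": re.compile(r"cmd\.exe|powershell", re.I),
}
SCRIPT_EXTENSIONS = {".aspx", ".ashx", ".asmx", ".asp"}
# Legitimate pages routinely read Request data; a shell also does something
# with it, so require more than one indicator to keep noise down.
MIN_INDICATORS = 2


@dataclass
class Finding:
    path: str
    sha256: str        # hash taken before removal, as evidence
    indicators: list   # which heuristics matched


def scan_file(path):
    """Return a Finding for a suspicious page, or None if it looks benign."""
    with open(path, "rb") as fh:
        data = fh.read()
    text = data.decode("utf-8", errors="replace")
    hits = [name for name, pat in SUSPICIOUS_PATTERNS.items() if pat.search(text)]
    if len(hits) < MIN_INDICATORS:
        return None
    return Finding(path, hashlib.sha256(data).hexdigest(), hits)


def scan_tree(root):
    """Walk a web root and collect findings for every server-side script."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTENSIONS:
                finding = scan_file(os.path.join(dirpath, name))
                if finding is not None:
                    findings.append(finding)
    return sorted(findings, key=lambda f: f.path)


# Constructed sample pages: one ordinary logon page, and one lookalike that
# carries shell-style tokens inside an HTML comment, so it is inert but still
# exercises the detector.
BENIGN_PAGE = (b'<%@ Page Language="C#" %>\r\n'
               b'<html><body>Outlook Web App (constructed sample)</body></html>\r\n')
SHELLLIKE_PAGE = (b'<%@ Page Language="JScript" %>\r\n'
                  b'<!-- constructed sample: Request.Item["pass"] eval( cmd.exe -->\r\n')


def build_sample_tree():
    """Create a throwaway directory laid out like an Exchange web root (assumed layout)."""
    root = tempfile.mkdtemp(prefix="exchange-sample-")
    os.makedirs(os.path.join(root, "owa", "auth"))
    with open(os.path.join(root, "owa", "auth", "logon.aspx"), "wb") as fh:
        fh.write(BENIGN_PAGE)
    # Random-looking file name, as the affidavit describes.
    with open(os.path.join(root, "owa", "auth", "a1b2c3.aspx"), "wb") as fh:
        fh.write(SHELLLIKE_PAGE)
    return root


if __name__ == "__main__":
    for f in scan_tree(build_sample_tree()):
        print(f"{f.path}\n  sha256={f.sha256}\n  indicators={f.indicators}")
```

    Run against a real Exchange web root the scanner only reports; deleting anything is a separate, deliberate step, and keeping the hash and a copy first is what makes later review of that step possible.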

  3. #2
    I'll leave the lawyering to the lawyers and the politicking to the politicians, but I'll note that there are some white-hats out there. After a Gmail leak (that I hadn't read about because I generally avoid the news), I had someone log a random Uber ride somewhere in Canada and they used my Gmail address as the address to create the account for that ride. I had a meltdown that someone must have uncovered my password so I went and checked the website listing all accounts leaked and mine was in the list. So I changed my Gmail password. I went back and reviewed that email and nothing about it made sense -- someone created an Uber account using my Gmail, took a 5 mile ride, but never logged into my account (you can see all logins in the Gmail control panel). So I think this was a white-hat that just wanted to get my attention to change my password since I was in the list. A very kind thing of them to do, by the way.

    Another more "intrusive" white-hat hack was by Ryan Castellucci, who was sifting through addresses on the Bitcoin blockchain to see if any of them had a weak password that could be cracked. Using a custom password-cracker, he was actually able to hack several addresses. Most of them had decimal dust, so it didn't matter. However, he hit on one address that had tens of thousands of dollars of Bitcoin (back when this occurred; it would be many millions now). He realized that this poor guy could lose all his money, but he had no way to contact him. Instead, he sent a small spend transaction from the address (spent a tiny amount of his Bitcoin), then sent another transaction to put that exact same amount back into the Bitcoin address he had hacked. Surprisingly, that didn't get the guy's attention even after several days, so he kept trying to find him, and eventually did get in contact with him, because he was a miner:

    Jesus Is Lord

  4. #3
    I wonder if that's what's going on with the little gray Xs on the icons, even though I've never signed in to OneDrive...
    Quote Originally Posted by Andrew Ryan
    In Washington you can see them everywhere: the Parasites and baby Stalins sucking the life out of a once-great nation.

  5. #4
    Another good reason to not use Windoze.
    Liberty is lost through complacency and a subservient mindset. When we accept or even welcome automobile checkpoints, random searches, mandatory identification cards, and paramilitary police in our streets, we have lost a vital part of our American heritage. America was born of protest, revolution, and mistrust of government. Subservient societies neither maintain nor deserve freedom for long.
    Ron Paul 2004

    Registered Ron Paul supporter # 2202
    It's all about Freedom

  6. #5
    So they exploited a vulnerability and replaced the code with their own? Got it.
    A savage barbaric tribal society where thugs parade the streets and illegally assault and murder innocent civilians, yeah, that is the alternative to having police. Oh wait, that is the police.

    We cannot defend freedom abroad by deserting it at home.
    - Edward R. Murrow

    ...I think we have moral obligations to disobey unjust laws, because non-cooperation with evil is as much as a moral obligation as cooperation with good. - MLK Jr.

    How to trigger a liberal: "I didn't get vaccinated."
