UK authorities can legally hack vulnerable Exchange servers to remove potential malware, carrying out an intervention similar to the FBI's. However, there are catches, so there is little chance that such a procedure will actually be performed.
Last week, it emerged that the FBI was in the process of removing backdoors installed on Exchange servers by hackers. The agency did this by hacking into the servers itself and removing any installed web shells. It focused specifically on one type of web shell and did not install any patches to fix the vulnerabilities themselves.
This work was met with mixed feelings. Overall, the reception was positive, and the intervention is seen as a clever use of the legal resources available to the FBI. However, there are also laws with severe penalties for breaking into other people's equipment and damaging the communication systems on it. So if Exchange servers are disrupted by the process, difficult legal issues arise.
Nevertheless, many people are toying with the idea of the British security services conducting a similar intervention on vulnerable UK Exchange servers. Ciaran Martin, the former head of the UK's National Cyber Security Centre, is enthusiastic on Twitter about the FBI's idea.
Technology attorney Neil Brown explains to Record that, on the basis of a court order, the British security services could implement the FBI's idea within their own borders. To do so, the minister would have to indicate that malware removal is essential to the health of the British economy. Servers would also need to be handled with care to prevent the intervention from causing damage or downtime. After all, that would violate the aforementioned laws on breaking into equipment.
NCSC does not take advantage of this opportunity
Technically speaking, it is also possible for the NCSC to intervene on compromised servers, but the service says it has decided not to do so. “NCSC has done its best to support the owners of vulnerable and compromised Exchange servers in removing web shells, including by working with partners and trying to reach them proactively.” Moreover, the agency advises always staying up to date with the latest security updates.