https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • Product Guides
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • Product Guides
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Cybersecurity


Partner content

Debating law enforcement’s role in the fight against cybercrime

Debating law enforcement’s role in the fight against cybercrime

  • Written by Kelly Sheridan / Dark Reading
  • 6th May 2021

The FBI last month was authorized to remove malicious Web shells from machines running on-premises versions of Microsoft Exchange Server, a move that caught the eyes of cybersecurity pros and sparked a conversation about the government’s role in responding to these attacks.

This operation, which specifically authorized the activity for email servers in the United States, was announced some six weeks after Microsoft disclosed critical Exchange Server vulnerabilities that have since been used to target thousands of networks around the world. An attacker could chain the flaws together to compromise an exposed server and steal data, among other actions.

These infections commonly start with deploying a Web shell, which adversaries can later use to communicate with target machines and distribute files to infect them with additional malware. While many admins of target systems were able to successfully remove these Web shells from thousands of devices, others didn’t. Web shells persisted, unmitigated, on some target servers.

They soon became the object of an FBI operation that removed the remaining Web shells of an early hacking group. The Web shells could have been used to “maintain and escalate persistent, unauthorized access to U.S. networks,” the Justice Department wrote in a statement. Officials conducted the removal by issuing a command through the Web shell to the server, which was designed to cause the server to only delete the Web shell, as identified by its unique file path.

It’s important to note that while the FBI copied and removed Web shells, it did not patch any of the vulnerabilities, nor did it search for or remove additional malware or hacking tools that may have been present on target servers. Officials said they were attempting to contact the owners and operators of infected machines following the operation; they did not give advance notice.

The FBI has been involved in several operations against cybercrime. Officials most recently teamed up with global law enforcement agencies to bring down the Emotet botnet.

But this operation, in which the FBI was present on enterprise servers without owners’ knowledge, caught the eyes of many. It feels different than law enforcement dismantling a botnet, which often involves tracking a command-and-control server that the bots communicate with, disrupting communication, and gaining control over it.

“That’s a nuanced difference, but it’s a little different than the FBI specifically knowing endpoints that are compromised, remoting in, and deleting a Web shell,” says Katie Nickels, threat intelligence director at Red Canary, who feels “pretty divided” about the operation.

For Nickels, and for many defenders, it was difficult in early March to see many organizations compromised in the Exchange Server attacks. Security practitioners know there are teams that aren’t current on security news and don’t know to patch or detect Web shells, she explains. It’s frustrating, as a defender, to know all these businesses are going to be compromised and not know about it.

“Part of me as a defender is really happy that someone is trying to help these organizations remove a Web shell,” she says. “Of course, there’s the other side: What kind of precedent does this set, allowing law enforcement to go into a computer … what kind of precedent does that set for the future? When could these operations take actions in the future, and what could be the implications of that? That’s the other side.”

“I feel squarely torn, and that’s what I’ve heard from most people,” Nickels adds. In the past few months, as the world learned about SolarWinds and the Exchange Server attacks, the security community has seen a growing disparity between organizations prepared to face these incidents and those that aren’t — and a need to help lacking companies protect themselves.

A Goal of Disrupting the Adversary
Law enforcement’s role in cybercrime is an intricate matter because much of this has never been done before, legislation hasn’t caught up with technology, and things move quickly, says Shawn Henry, president of CrowdStrike Services and former FBI executive assistant director. Employees in the private sector are often defending against trained military professionals.

“There’s so many complexities there, and that’s why these things are never easy,” he says of navigating the myriad laws, issues, amendments, and ramifications of intervening. “If I [believe] the government’s primary responsibility is to protect the citizens, I think that their role in a case like this is to disrupt infrastructure. That is an area that the government can have success in.”

The government’s role in fighting crime is often focused on deterrence. In the physical world, this could mean seizing assets bought with stolen funds, bank accounts used to launder money, and warehouses and other facilities used to store and sell illicit products. Criminals can’t operate in an environment where their infrastructure is destroyed, and their return-on-investment drops.

Henry applies the same concept to cybersecurity, an area in which attackers “are operating with impunity” and often out of places where the host country can’t be expected to intervene.

To read the complete article, visit Dark Reading.

 

 

Tags: Applications Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Incident Command/Situational Awareness News Policy Public Safety Regional Coordination Security Software State & Local Government System Operation Tracking, Monitoring & Control Training Partner content

Most Recent


  • Hytera parent cites financial health, but unable to make royalty payment to Motorola Solutions
    Hytera Communications claims it has not made a court-ordered royalty payment of $49 million to Motorola Solutions because the China-based LMR manufacturer’s parent company does not have access to the assets of its subsidiaries around the world, according to a recent filing in a federal district court. Hytera Communications Corp. (HCC) made the filing earlier […]
  • NATE: Todd Schlekeway highlights organization's safety, legislative initiatives
    Todd Schlekeway, executive director of NATE: The Communications Infrastructure Contractors Association, discusses many of NATE’s planned activities for 2023, including a legislative visit to Capitol Hill in May, safety/training initiatives, and a broader release of the Vertical Freedom documentary that focuses on the lives of tower climbers in the communication arena.  
  • Cybercrime ecosystem spawns lucrative underground Gig Economy
    Over a 30-month period, cybercriminal gangs and threat groups posted more than 200,000 advertisements seeking workers with skills in software development, maintaining IT infrastructure, and designing fraudulent sites and email campaigns. The demand for technically skilled individuals continues, but it peaked during the coronavirus pandemic, with double the average job advertisements coming during March 2020, […]
  • FAA approves beyond-visual-line-of-sight (BVLOS) flights in North Dakota
    The unmanned aerial vehicle (UAV) avionics company uAvionix received Federal Aviation Administration approval to conduct advanced beyond visual line-of-sight (BVLOS) flights of small UAVs in North Dakota.  The flights will be conducted at the Northern Plains Unmanned Aerial Systems (UAS) Test Site (NPUASTS) in Grand Forks, one of seven FAA-run UAV test sites in the U.S., using […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Debating law enforcement’s role in the fight against cybercrime
    Newscan: Feds recover millions from pipeline ransom hackers, hint at U.S. Internet tactic
  • Cyber is the new Cold War, and AI is the arms race
  • Microsoft patches 6 zero-day vulnerabilities under active attack
  • IoT connectivity spending climbs as COVID-19 cases decline

Commentary


How 5G is making cities safer, smarter, and more efficient

26th January 2023

3GPP moves Release 18 freeze date to March 2024

18th January 2023

Do smart cities make safer cities?

  • 1
6th January 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Hytera parent cites financial health, but unable to make royalty payment to Motorola Solutions dlvr.it/ShlrlM

1st February 2023
UrgentComm

NATE: Todd Schlekeway highlights organization’s safety, legislative initiatives dlvr.it/ShljHj

1st February 2023
UrgentComm

Cybercrime ecosystem spawns lucrative underground Gig Economy dlvr.it/ShkKbf

31st January 2023
UrgentComm

FAA approves beyond-visual-line-of-sight (BVLOS) flights in North Dakota dlvr.it/ShgxHW

30th January 2023
UrgentComm

AT&T boasts of core ‘white box’ success in 5G, fiber push dlvr.it/Shgb4w

30th January 2023
UrgentComm

Spending American Rescue Plan Act funds: A primer for municipalities dlvr.it/ShgZ52

30th January 2023
UrgentComm

AT&T wireless growth keyed by FirstNet—now provides 24,000 agencies with 4.4 million connections dlvr.it/ShY5qH

27th January 2023
UrgentComm

Report: Remote work causing offices to empty, but walkable cities still in high demand dlvr.it/ShXM7Z

27th January 2023

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.