https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Cybersecurity


Partner content

Debating law enforcement’s role in the fight against cybercrime

Debating law enforcement’s role in the fight against cybercrime

  • Written by Kelly Sheridan / Dark Reading
  • 6th May 2021

The FBI last month was authorized to remove malicious Web shells from machines running on-premises versions of Microsoft Exchange Server, a move that caught the eyes of cybersecurity pros and sparked a conversation about the government’s role in responding to these attacks.

This operation, which specifically authorized the activity for email servers in the United States, was announced some six weeks after Microsoft disclosed critical Exchange Server vulnerabilities that have since been used to target thousands of networks around the world. An attacker could chain the flaws together to compromise an exposed server and steal data, among other actions.

These infections commonly start with deploying a Web shell, which adversaries can later use to communicate with target machines and distribute files to infect them with additional malware. While many admins of target systems were able to successfully remove these Web shells from thousands of devices, others didn’t. Web shells persisted, unmitigated, on some target servers.

They soon became the object of an FBI operation that removed the remaining Web shells of an early hacking group. The Web shells could have been used to “maintain and escalate persistent, unauthorized access to U.S. networks,” the Justice Department wrote in a statement. Officials conducted the removal by issuing a command through the Web shell to the server, which was designed to cause the server to only delete the Web shell, as identified by its unique file path.

It’s important to note that while the FBI copied and removed Web shells, it did not patch any of the vulnerabilities, nor did it search for or remove additional malware or hacking tools that may have been present on target servers. Officials said they were attempting to contact the owners and operators of infected machines following the operation; they did not give advance notice.

The FBI has been involved in several operations against cybercrime. Officials most recently teamed up with global law enforcement agencies to bring down the Emotet botnet.

But this operation, in which the FBI was present on enterprise servers without owners’ knowledge, caught the eyes of many. It feels different than law enforcement dismantling a botnet, which often involves tracking a command-and-control server that the bots communicate with, disrupting communication, and gaining control over it.

“That’s a nuanced difference, but it’s a little different than the FBI specifically knowing endpoints that are compromised, remoting in, and deleting a Web shell,” says Katie Nickels, threat intelligence director at Red Canary, who feels “pretty divided” about the operation.

For Nickels, and for many defenders, it was difficult in early March to see many organizations compromised in the Exchange Server attacks. Security practitioners know there are teams that aren’t current on security news and don’t know to patch or detect Web shells, she explains. It’s frustrating, as a defender, to know all these businesses are going to be compromised and not know about it.

“Part of me as a defender is really happy that someone is trying to help these organizations remove a Web shell,” she says. “Of course, there’s the other side: What kind of precedent does this set, allowing law enforcement to go into a computer … what kind of precedent does that set for the future? When could these operations take actions in the future, and what could be the implications of that? That’s the other side.”

“I feel squarely torn, and that’s what I’ve heard from most people,” Nickels adds. In the past few months, as the world learned about SolarWinds and the Exchange Server attacks, the security community has seen a growing disparity between organizations prepared to face these incidents and those that aren’t — and a need to help lacking companies protect themselves.

A Goal of Disrupting the Adversary
Law enforcement’s role in cybercrime is an intricate matter because much of this has never been done before, legislation hasn’t caught up with technology, and things move quickly, says Shawn Henry, president of CrowdStrike Services and former FBI executive assistant director. Employees in the private sector are often defending against trained military professionals.

“There’s so many complexities there, and that’s why these things are never easy,” he says of navigating the myriad laws, issues, amendments, and ramifications of intervening. “If I [believe] the government’s primary responsibility is to protect the citizens, I think that their role in a case like this is to disrupt infrastructure. That is an area that the government can have success in.”

The government’s role in fighting crime is often focused on deterrence. In the physical world, this could mean seizing assets bought with stolen funds, bank accounts used to launder money, and warehouses and other facilities used to store and sell illicit products. Criminals can’t operate in an environment where their infrastructure is destroyed, and their return-on-investment drops.

Henry applies the same concept to cybersecurity, an area in which attackers “are operating with impunity” and often out of places where the host country can’t be expected to intervene.

To read the complete article, visit Dark Reading.

 

 

Tags: Applications Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Incident Command/Situational Awareness News Policy Public Safety Regional Coordination Security Software State & Local Government System Operation Tracking, Monitoring & Control Training Partner content

Most Recent


  • FCC approves order to modernize priority-service rules
    FCC commissioners yesterday voted unanimously to approve a report and order that is designed to modernize and streamline the agency’s rules for three priority-service offerings: Wireless Priority Service (WPS), the Government Emergency Telecommunications Service (GETS) and the Telecommunications Service Priority (TSP) System. All three of these services—designed for use by national-security and emergency-preparedness personnel who […]
  • Florida P25 system slated for completion in 2024, will interoperate with FirstNet
    Florida’s efforts to transition its Statewide Law-Enforcement Radio System (SLERS) from legacy EDACS to P25 technology that is augmented by FirstNet broadband service is largely on schedule, with most public-safety users having P25 devices by July, according to an official with contractor L3Harris. Keith Gaston, the SLERS account manager for L3Harris, said that all of […]
  • More Verizon changes: price hikes, departure of biz CEO Erwin
    On the same day that Bloomberg reported on Verizon’s plans to increase prices, the CEO of the company’s business unit, Tami Erwin, announced her plans to leave the company by the end of the year. The developments reflect the difficulties Verizon has been facing amid growing competition in the wireless sector and inflation in the US economy. […]
  • Canada officially gives Huawei and ZTE the boot
    Despite his frothy name, François-Philippe Champagne did not bring any sparkle for Chinese vendors waiting to hear if they would be allowed to sell products in Canada. The Canadian minister of innovation, science and industry had only disappointing news for Huawei and ZTE earlier today. From now on, neither will be allowed to serve Canadian […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Debating law enforcement’s role in the fight against cybercrime
    Newscan: Feds recover millions from pipeline ransom hackers, hint at U.S. Internet tactic
  • Cyber is the new Cold War, and AI is the arms race
  • Microsoft patches 6 zero-day vulnerabilities under active attack
  • IoT connectivity spending climbs as COVID-19 cases decline

Commentary


LTE and liability: Why the fire service must move forward with digital incident command

  • 2
6th May 2022

Partnership and collaboration must be the foundation for emergency communications

18th April 2022

FirstNet success means no hypothetical ‘shots’ need to be fired, Swenson says

22nd February 2022
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

FCC approves order to modernize priority-service rules dlvr.it/SQmSN0

20th May 2022
UrgentComm

Meet smart city goals cost-effectively dlvr.it/SQmPkr

20th May 2022
UrgentComm

Security for microwave links dlvr.it/SQmNwX

20th May 2022
UrgentComm

Florida P25 system slated for completion in 2024, will interoperate with FirstNet dlvr.it/SQm9cf

20th May 2022
UrgentComm

More Verizon changes: price hikes, departure of biz CEO Erwin dlvr.it/SQlWPT

20th May 2022
UrgentComm

Canada officially gives Huawei and ZTE the boot dlvr.it/SQlGht

20th May 2022
UrgentComm

MITRE creates framework for supply-chain security dlvr.it/SQlFjC

20th May 2022
UrgentComm

John Deere one step closer to fully autonomous farming dlvr.it/SQl7dv

20th May 2022

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • Microwave/RF
  • T&D World
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X