Brit authorities could legally do an FBI and scrub malware from compromised boxen without your knowledge
2021-04-19 09:39

UK authorities could lawfully copy the FBI and forcibly remove web shells from compromised Microsoft Exchange server deployments - but some members of the British infosec industry are remarkably quiet about whether this would be a good thing.

In the middle of last week the American authorities made waves after deleting web shells from Exchange Server deployments compromised in the Hafnium attacks.

Some laggards still hadn't bothered - and with compromised boxen providing a useful base for criminals to launch further attacks from, evidently the FBI felt the wider risk was too great not to step in.

5(2)(iii) read together with section 3(2)(a) can be read as giving GCHQ the legal power to apply for a warrant to remove web shells from compromised Exchange Servers, provided a minister agreed that removing the malware was necessary for British economic well-being.

8/9 The FBI would of course be in legal hot water if its seizures caused harm to the property of the computer owner or the landlord.

While the NCSC declined to put anyone up for interview, in a brief statement the agency said it had stopped short of scrubbing infected servers clean without their owners' knowledge: "The NCSC has gone above and beyond to support vulnerable and compromised Exchange owners with the removal of webshells, including working with partners and proactive outreach."


News URL

https://go.theregister.com/feed/www.theregister.com/2021/04/19/ncsc_exchange_server_legal_powers_question/