The only way law enforcement should have access to any civilian network not publicly accessible is with a warrant per the Fourth Amendment. "Secret court orders" to "remove malware" are fascist BS. Who knows what, if anything, the US actually removed, or what they added?
Russian botnets and cyberattacks are a legitimate threat to Western countries, especially right now, but a legitimate threat also makes a perfect cover.
The article isn’t clear about what actually happened here, but this isn’t all that unheard of (aside from the secret court orders and FBI part). The way this typically works is the good guys co-opt the Command and Control channels and/or servers, and send commands from that C&C to remove/patch/disinfect the malware.
The C&C takeover can happen a number of ways, from DGA reverse engineering (where you register a bunch of domains that the DGA will eventually pick to communicate with, a common way for non-government entities to do it), all the way up to state-level DNS or BGP hijacking.
A lot of malware that’s distributed is pretty flexible, as it is rarely intended for a single purpose. Today data exfiltration is as lucrative in ransom as destructive encryption, and some other way of extorting companies may get popular tomorrow, so the bad guys like to keep their options open. The small bright side to this is that if you can get control of the C&C channels, you can use that flexibility to tell the malware to remove itself. In the past this technique has even been used to patch vulnerabilities…
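The DGA-reversing takeover described in this comment, as an added example that is not part of the original post: a toy date-seeded DGA (constructed here, not any real family) plus the defender-side steps of pre-computing the rendezvous names, registering them ahead of time so they resolve to a sinkhole, and answering the bot's check-in with a self-removal instruction. The seed, start date and sinkhole address are constructed values.

```python
import hashlib
from datetime import date, timedelta

SINKHOLE_IP = "192.0.2.10"   # constructed; RFC 5737 documentation range

def dga_domain(seed: str, day: date) -> str:
    """Toy date-seeded DGA (constructed for this example, not a real family).
    The rendezvous name depends only on a fixed seed and the calendar day, so a
    defender who recovered the seed from a sample can compute the whole schedule."""
    digest = hashlib.sha256(f"{seed}:{day.isoformat()}".encode()).hexdigest()
    return f"{digest[:12]}.example"   # .example is reserved (RFC 2606)

def sinkhole_schedule(seed: str, start: date, days: int) -> dict:
    """Pre-compute the next `days` rendezvous names and point them all at the
    sinkhole: the 'register the domains before the malware does' step."""
    return {dga_domain(seed, start + timedelta(days=i)): SINKHOLE_IP
            for i in range(days)}

def simulate_checkins(seed: str, start: date, days: int, dns: dict) -> dict:
    """Replay one bot's daily check-in against the DNS view `dns`.
    Names the defender registered resolve to the sinkhole, which answers with a
    benign 'uninstall' instruction; names nobody registered yet return NXDOMAIN;
    anything else is still under attacker control."""
    outcome = {}
    for i in range(days):
        name = dga_domain(seed, start + timedelta(days=i))
        resolved = dns.get(name)
        if resolved == SINKHOLE_IP:
            outcome[name] = "uninstall"   # sinkhole-issued self-removal command
        elif resolved is None:
            outcome[name] = "nxdomain"    # window not covered by the sinkhole yet
        else:
            outcome[name] = "attacker"    # real C&C still reachable
    return outcome

def demo(days_registered: int = 7, days_simulated: int = 7) -> dict:
    """Register `days_registered` days of names, then replay `days_simulated`
    check-ins; a shorter registration window shows the coverage gap."""
    seed, start = "recovered-seed", date(2022, 4, 7)   # constructed values
    dns = sinkhole_schedule(seed, start, days_registered)
    return simulate_checkins(seed, start, days_simulated, dns)

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Note that the sinkhole only helps for the window it covers: `demo(3, 5)` shows two days of check-ins falling back to unregistered names.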
A week ago Kaspersky AV software was labeled a national security threat by the U.S. government, and people here were up in arms. Now folks are already upset that sealed court orders were obtained by U.S. law enforcement before they could protect infrastructure against a direct attack.
Maybe someday the HN comment section will realize that U.S. intelligence is actually competent.
One would expect that after Stuxnet and the whole NSA/Snowden thing that the consensus on the capabilities and competence of the US intelligence services and NSA would be positive.
They did what 'secretly' now? Hm. Not a lot of details in this article. But it raises eyebrows that the FBI is supposedly going into private networks to 'fix' stuff.
Maybe they just cut a few key networking pipes to stop the connections to Russia?
Not that I'm against them you know, fighting or defending in the cyberwar, but still feels fishy.