No Server Left Behind: The Justice Department’s Novel Law Enforcement Operation to Protect Victims


19 Apr 2021

Alex Iftimie authored an article in Lawfare discussing the U.S. Department of Justice’s novel law enforcement operation to protect victims of state-sponsored hacking by removing malware from hundreds of victim systems in the United States that were compromised as a result of recently discovered zero-day vulnerabilities in Microsoft Exchange Server.

“The operation signals that the Justice Department is willing to take novel and increasingly robust action as part of the department’s longstanding strategy to protect American businesses and individuals from foreign cyber operations—particularly those executed by well-funded, state-sponsored actors,” Alex wrote. He added: “The operation also represents a welcome evolution in strategy. Whereas the FBI could have simply notified each of the hundreds of victims that their systems were compromised (a process that would have taken time and still left victims at risk of continued compromise), the Justice Department instead took proactive action to disable malware that was being used to infiltrate networks across the United States.”

“Although clearly rooted in legal authority, the operation goes beyond what the Justice Department had done before,” Alex added. “This appears to be the first time Justice has used criminal law authorities to access the systems of downstream victims on a wide scale to remove or disable malware.”

Read the full article.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.