The Shadow Brokers, a group of hackers, has leaked an extensive list of PowerPoint and Excel documents that indicate how the National Security Agency hacked into international banks via vulnerable Windows PCs and servers. The NSA also infiltrated EastNets, a Dubai-based firm that oversees payments in the global SWIFT money-transfer system for dozens of client banks and firms in the Middle East.
The New York Times reports:
“Swift, short for the Society for Worldwide Interbank Financial Telecommunication, is used by about 11,000 banks to transfer money [trillions of dollars] from one country to another. The vast majority of those banks rely on Swift service bureaus, like EastNets, the largest bureau in the Middle East, to handle their transactions.
“The latest leaks suggest that, by hacking EastNets, the N.S.A. may have successfully hacked, or at minimum targeted, computers inside some of the biggest banks in the Middle East, including ones in Abu Dhabi and Dubai in the United Arab Emirates; Kuwait; Qatar; Syria; Yemen; and the Palestinian territories. Among the leaked documents was a now-patched N.S.A. road map to hacking Swift’s back-end infrastructure, which could be used by cybercriminals in the future.”
Hazem Mulhim, CEO and founder EastNets, denied it had been hacked, saying “the EastNets Network internal Security Unit has run a complete check of its servers and found no hacker compromise or any vulnerabilities.” However, one of the Excel spreadsheets lists thousands of stolen credentials belonging to compromised employees and technology administrators at EastNets offices around the globe.
This. Their systems were inarguably and very seriously hacked. https://t.co/LaGgAZ3FGU
— Edward Snowden (@Snowden) April 14, 2017
While Microsoft acknowledged the vulnerabilities and insisted they had been patched, Belgium-based SWIFT claimed it had no evidence that the main SWIFT network had been accessed without authorization. They did however acknowledge the possibility that the local messaging systems of some SWIFT client banks had been breached.
Matt Suiche, founder of cybersecurity firm Comae Technologies, told Wired:
“IP addresses [listed alongside the institutions] don’t actually correspond to the client’s computers, but rather to computers servicing those clients at EastNets, which is one of 120 “service bureaus” that form a portion of the SWIFT network and make transactions on behalf of customers. This is the equivalent of hacking all the banks in the region without having to hack them individually. You have access to all their transactions.”
The Shadow Brokers, it is estimated, stole close to 300 megabytes of materials from the N.S.A. The contents included compiled binaries for exploits that targeted vulnerabilities in a long line of Windows operating systems, including Windows 8.
Independent security experts who reviewed the contents, claimed it was without question the most damaging Shadow Brokers release to date. Matthew Hickey, a security expert and co-founder of Hacker House, told Ars:
“It is by far the most powerful cache of exploits ever released. It is very significant as it effectively puts cyber weapons in the hands of anyone who downloads it. A number of these attacks appear to be 0-day exploits which have no patch and work completely from a remote network perspective.”
Last week, the Shadow Brokers released the password to a trove of NSA exploits to punish U.S. president Donald Trump for his involvement in Syria and for ‘abandoning his base, the movement, and the people who got him elected’.
— WikiLeaks (@wikileaks) April 8, 2017
April 14’s dump, dubbed ‘Lost in Translation’, comes just one month after WikiLeaks published Vault7, a cache of hacking tools used by the Central Intelligence Agency. WikiLeaks revealed how the C.I.A. had lost its own array of cyber weaponry on the dark web.
This article (Hackers Leak Codes the NSA Used to Hack into Middle East Banking System) is a free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.
Supporting Anonymous’ Independent & Investigative News is important to us. Please, follow us on Twitter: Follow @AnonymousNewsHQ