NSA penetrated SWIFT banking network in Middle East: Hackers

Posted April 16, 2017

Hackers have released documents and files that cybersecurity experts say indicate the US National Security Agency had accessed the SWIFT interbank messaging system, allowing it to monitor money flows among some Middle Eastern and Latin American banks.

Some of the tools appeared to target the SWIFT banking system, according to classified documents found in the cache.

EastNets was one of the Swift service bureaus tagged by The Shadow Brokers, a group who released the files.

When hacking group "Shadow Brokers" started leaking NSA-discovered exploits, many people were understandably anxious.

NSA whistleblower Edward Snowden even chimed in on the claims that EastNet weren't compromised, with the official Twitter page to EastNet responding to the situation tweeting "No credibility to the online claim of a compromise of EastNets customer information on its SWIFT service bureau".

A spokesperson said in an email in the middle of the night that the company has "investigated and confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products".

SWIFT said it had no evidence that the main SWIFT network had ever been accessed without authorisation. It operates as a messaging system for such things as letters of credit, payments and securities transactions between banks.

Iraq says Islamic State has lost most of the land it seized
The operation began in October 2016 and led to the liberation of Mosul's eastern part this January. In Syria itself, it also holds the city of Raqqa and other areas.

The group Friday appeared to release tools created to target Windows PCs and servers, along with presentations and files purporting to detail the agency's methods of carrying out clandestine surveillance. He said the malicious code published Friday appeared to exploit previously undiscovered weaknesses in older versions of its Windows operating system - the mark of a sophisticated actor and a potential worry for many of Windows' hundreds of millions of users.

"I'll bet it's not the only SWIFT service bureau that's been compromised", he said. Hickey demonstrated in a video that one of the exploits in the leak can easily trigger remote code execution in a machine running Windows Server 2008 R2 SP1. The NSA has not yet commented on the leak.

"Is being too bad nobody deciding to be paying theshadowbrokers for just to shutup and going away", the group stated in a blog post announcing the new release, which is written in their characteristic broken English.

Via that entry point, the agency appears to have monitored transactions involving several banks and financial institutions in Kuwait, Dubai, Bahrain, Jordan, the Palestinian Territories, Yemen and Qatar.

Snowden, for his part, is pointing a finger at the NSA. Maybe if all suviving WWIII theshadowbrokers be seeing you next week. Luckily, when it comes to the recently leaked Windows exploits, Microsoft was already prepared - now supported versions of the operating system are not impacted. "Below is our update on the investigation", says Phillip Misner, Principal Security Group Manager, Microsoft Security Response Center. While Microsoft always acknowledges the source of security flaw reports, the grugq noticed there are no acknowledgements for patches (MS17-010) issued last month that fix some of the leaked NSA exploits.

"The NSA knew their hacking methods were stolen past year, but refused to tell software makers how to lock the thieves out".