US government ‘monitored bank transfers’

NSA headquarters

The NSA is facing criticism for not sharing details of the security flaws with Microsoft

A huge range of security weaknesses, said to be worth more than $2m (£1.6m) if sold on the black market, have been leaked online by a hacking group.

The tools are said to have been created by the US National Security Agency.

Accompanying documents appear to indicate it was able to monitor money flows among some Middle East and Latin American banks.

It apparently did this by gaining access to two service bureaus of the Swift global banking system.

Such a hack could have enabled the US to covertly monitor financial transactions, researchers said.

The files were released by Shadow Brokers, a hacking group that has previously leaked malware.

If genuine, it represents perhaps the most significant exposure of the US agency’s files since the Edward Snowden leaks in 2013.

On Twitter, Mr Snowden described it as the “Mother Of All Exploits” – a reference to a bomb recently used by the US military in Afghanistan.

Multiple experts have said this latest “data dump” is credible – though the institutions implicated have dismissed the claims, or refused to comment.

Swift, which is headquartered in Belgium, said: “We have no evidence to suggest that there has ever been any unauthorised access to our network or messaging services.”

The BBC is not able to verify the authenticity of the files – and the NSA has not commented on the leak.

Swift was successfully targeted by hackers last year when criminals stole $81m from the Bangladeshi central bank.

Watching the Middle East

Swift is a network that allows global banks to move money around the world.

In the Swift network, smaller banks often make use of service bureaus to handle transactions on their behalf. Documents included in the leak suggest at least one major bureau, EastNets, may have been compromised.

“If you hack the service bureau, it means that you also have access to all of their clients, all of the banks,” said Matt Suiche, founder of the United Arab Emirates-based cybersecurity firm Comae Technologies, speaking to Reuters.

Headquartered in Dubai, EastNets has clients in Kuwait, Dubai, Bahrain, Jordan, Yemen and Qatar. Spreadsheets published by Shadow Brokers appeared to list banks that had been breached with “implants” – secret data-gathering software.

Cris Thomas, a security researcher with Tenable, said analysis of the leaked files suggested the US government had the capability “to monitor, if not disrupt, financial transactions to terrorists groups”.

In a statement on Friday, EastNets strongly denied the claims.

“The reports of an alleged hacker-compromised EastNets Service Bureau network is totally false and unfounded,” a spokesperson said.

“The EastNets Network Internal Security Unit has run a complete check of its servers and found no hacker compromise or any vulnerabilities.

“The photos shown on Twitter, claiming compromised information, is about pages that are outdated and obsolete, generated on a low-level internal server that is retired since 2013.”

Windows threat

The files contained several “zero day” exploits – vulnerabilities that were previously unknown to the companies that create the software, or the security community at large.

The zero-days targeted Windows machines, though researchers said none in the cache would be effective against the latest version, Windows 10.

That said, multiple experts said the sheer number of zero days released at the same time was unprecedented. One researcher, speaking to Vice, said the exploits would have been worth more than $2m if sold privately.

In January, a Twitter account believed to be run by the group announced an auction of the exploits, but it appears the group did not find any buyers. The NSA is now facing criticism for not sharing details of the exploits with Microsoft once it became clear the tools were in the hands of a hacking group.

Microsoft said in a statement to the BBC that it was “reviewing the report and will take the necessary actions to protect our customers”.



    (April 28, 2017 - 4:36 am)

    It’s perfect time tto make a feew lans forr the longg rrun and it’s time tto be happy.
    I hace learn this subgmit and iif I mayy I ddsire tto counsel you ffew fascinatiing iissues
    oor tips. Maybne yoou could write ndxt arrticles regarding tis
    article. I desikre too llearn even more things avout it!
    Way cool! Somee very valid points! I appreciate you writing
    his article aand alsoo thhe rewt oof thee wevsite iss verty good.
    I hafe been browsing onlibe moe than 3 hurs today, yeet
    I nevdr foud anny interesting artifle ike yours.It iis pretty
    wortth enouigh for me. Personally, iff alll wwbmasters andd bloggeres maxe good conteht as youu
    did, the internet will bee much mire seful thban ever

    adidas nmd

    (May 4, 2017 - 12:26 pm)

    The world’s largest sportswear maker said the previous designers, Marc
    Dolce, Mark Miner, and senior design director Denis Dekovic, began consulting for Adidas while still working at the company, violating their non-compete agreements.

    best canadian pharcharmy online

    (May 6, 2017 - 5:11 pm)

    Thanks for one’s marvelous posting! I actually enjoyed reading it,
    you will be a great author. I will be sure to bookmark your blog and may come back down the road.
    I want to encourage that you continue your great posts, have a nice

    aadhar status

    (May 9, 2017 - 8:50 am)

    We notify that it can take 90 day (3 months) to complete process means to get
    AADHAAR card after enroll it.

    bolo de pote preço

    (May 15, 2017 - 5:54 pm)

    Bolo – 1 colher de sopa de guaraná – Brigadeiro – Morangos cortados
    – Bolo – 1 colher de sopa de guaraná -Brigadeiro.

    akkuschrauber Vergleich

    (May 19, 2017 - 12:07 pm)

    I want to to thank you for this good read!! I definitely loved
    every little bit of it. I have got you book marked to
    check out new stuff you post…

    buat gmail

    (May 23, 2017 - 6:55 pm)

    Wow that was unusual. I just wrote an really long comment but after I clicked submit my comment didn’t show up.
    Grrrr… well I’m not writing all that over again. Anyways, just wanted to say fantastic blog!

    (June 3, 2017 - 9:56 pm)

    You really make it seem so easy with your presentation but I
    find this topic to be actually something that I think I would never understand.
    It seems too complex and extremely broad for me. I’m looking forward for your next post, I will try to get
    the hang of it!

Leave a Reply

Your email address will not be published. Required fields are marked *