Hacked files suggest NSA monitored Middle East banks

Files released by ‘Shadow Brokers’ also suggest the NSA exploited weaknesses in Microsoft Windows products.

Wikileaks US spying
No one has yet discovered the identity of Shadow Brokers [Thomas Trutschel/Photothek via Getty Images]

Files released by the mysterious hacker “Shadow Brokers” on Friday suggested the US National Security Agency (NSA) had penetrated the SWIFT banking network and monitored a number of Middle East banks.

The files, according to computer security analysts, also showed the NSA had found and exploited numerous vulnerabilities in a range of Microsoft Windows products widely used on computers around the world.

Analysts generally accepted the leaked files came from the NSA.

WATCH: Michael Hayden on Snowden, surveillance and NSA

“The tools and exploits released today have been specifically designed to target earlier versions of Windows operating system,” said security specialist Pierluigi Paganini on the Security Affairs website.

They “suggest the NSA was targeting the SWIFT banking system of several banks around the world”.

The SWIFT system is used by banks to transfer trillions of dollars each day. 

The files appear to indicate that the NSA had infiltrated two of SWIFT’s service bureaus, including EastNets, which provides technology services in the Middle East for the Belgium-based SWIFT and for individual financial institutions.

Via that entry point, the agency appears to have monitored transactions involving several banks and financial institutions in Kuwait, Dubai, Bahrain, Jordan, Yemen and Qatar.

SWIFT said in a statement that the allegations involve only its service bureaus and not its own network.

“There is no impact on SWIFT’s infrastructure or data, however, we understand that communications between these service bureaus and their customers may previously have been accessed by unauthorised third parties.”

“We have no evidence to suggest that there has ever been any unauthorised access to our network or messaging services.”

In a statement on its website, EastNets rejected the allegations.

“The reports of an alleged hacker-compromised EastNets Service Bureau network is totally false and unfounded,” it said.

“We can confirm that no EastNets customer data has been compromised in any way.”

Analysts say many of the exploits revealed appear to be three years old or more, but have some unknown vulnerabilities that could still be used by other hackers.

“Eastnets’ claim is impossible to believe,” said Kevin Beaumont, who was one of several experts who spent Friday combing through the documents and trying out the code.

He told the Associated Press news agency that he had found password dumps, an Excel spreadsheet outlining the internal architecture of the company’s server, and one file that was “just a massive log of hacking on their organisation”.

READ MORE: Is Big Brother coming to Germany?

Beaumont said there was bad news in the release for Microsoft as well. He said the malicious code published on Friday appeared to exploit previously undiscovered weaknesses in older versions of its Windows operating system – the mark of a sophisticated actor and a potential worry for many of Windows’ hundreds of millions of users.

The opinion was seconded by Matthew Hickey of UK-based cybersecurity company Hacker House.

“It’s an absolute disaster,” Hickey said in an email to the AP. “I have been able to hack pretty much every Windows version here in my lab using this leak.”

Microsoft said in a statement that it is reviewing the leak and “will take the necessary actions to protect our customers”. It declined to elaborate.

The NSA has previously shown interest in targeting SWIFT, according to documents leaked by former intelligence contractor Edward Snowden.

No one has yet discovered the identity of Shadow Brokers, or of the hackers that gained access to the NSA materials.

Shadow Brokers first surfaced last year offering for sale a suite of hacking tools from the NSA. There were no takers at the price – stated of tens of millions of dollars – and since then the hacker or hackers have leaked bits of the trove for free.

Source: News Agencies