Hacked files suggest NSA penetrated SWIFT, Middle East banks

Allan Goodman
April 18, 2017

According to ZDNet and Hacker Fantastic on Twitter, the tools and exploits affect Windows 2000, Windows XP, Windows 7, Windows 8, as well as their server-side variants like Server 2000, 2003, 2008, 2008 R2 and 2012.

The NSA's official seal appeared on one of the slides in the presentation, although Reuters could not independently determine the authenticity of the slides.

The "Shadow Brokers" is a group of anonymous hackers that published hacking tools used by the NSA the previous year. The group has been posting files suspected to originate from the NSA since last August.

FUZZBUNCH contains the Windows exploits mentioned above that were detailed in the Shadow Brokers leak.

"We now have all of the tools the NSA used to compromise SWIFT (via) Cisco firewalls, Windows", Suiche said.

The NSA could not immediately be reached for comment, but SWIFT said in a statement that the hacking involved only its service bureaus and not its own network. Considering these were the NSA's exploit tools in the first place, that means the intelligence agency could have alerted Microsoft about the vulnerabilities a year ago, if it had wanted to do so.


Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. This would normally mean either that Microsoft somehow found (or purchased) all the vulnerabilities The Shadow Brokers were auctioning off, or perhaps that someone anonymously alerted Microsoft about the bugs.

The tools are said to have been created by the US National Security Agency (NSA), and accompanying documents appear to indicate a possible breach of the Swift global banking system. "Once the NSA is aware an adversary knows of the vulnerabilities, the agency has an obligation to protect USA interests through disclosure".

"This security update resolves vulnerabilities in Microsoft Windows", Microsoft warns in its advisory. Security researcher Matt Suiche believes the NSA might have used a Windows exploit to hack the organisation.

"There is no impact on SWIFT's infrastructure or data, however, we understand that communications between these service bureaus and their customers may previously have been accessed by unauthorised third parties".

Security researchers spent most of the day trying to figure out how the various exploits worked by testing them in virtual machines in their respective labs. Belgium-based SWIFT on Friday downplayed the risk of attacks employing the code released by hackers and said it had no evidence that the main SWIFT network had ever been accessed without authorization. The releases are published with unusual and misspelled blog posts. All tools date back at least a few years, but they exploit vulnerabilities in several Windows versions to move across networks and compromise Windows systems. "ETERNALCHAMPION", an SMBv1 exploit, was patched by the Windows updates for CVE-2017-0146 and CVE-2017-0147.

Given that the Shadow Brokers have been sitting on this information since August 2016, the NSA presumably knew that the hacker group may have had access to their cyberweapons stockpile and could have alerted Microsoft, which in turn may have helped the firm issue out patches to protect users from potential attacks.
