Thursday July 19, 2018
Home World Hackers Relea...

Hackers Release documents and files Indicating US National Security Agency (NSA) Monitored Global Bank Transfers

The release included computer code that could be adapted by criminals to break into SWIFT servers and monitor messaging activity

0
//
71
An illustration picture shows a projection of binary code on a man holding a laptop computer, VOA
Republish
Reprint

April 15, 2017: Hackers released documents and files Friday that cybersecurity experts said indicated the U.S. National Security Agency had accessed the SWIFT interbank messaging system, allowing it to monitor money flows among some Middle Eastern and Latin American banks.

The release included computer code that could be adapted by criminals to break into SWIFT servers and monitor messaging activity, said Shane Shook, a cyber security consultant who has helped banks investigate breaches of their SWIFT systems.

The documents and files were released by a group calling themselves The Shadow Brokers. Some of the records bear NSA seals, but Reuters could not confirm their authenticity.

The NSA could not immediately be reached for comment.

NewsGram brings to you current foreign news from all over the world.

Holes in Windows

Also published were many programs for attacking various versions of the Windows operating system, at least some of which still work, researchers said.

In a statement to Reuters, Microsoft, maker of Windows, said it had not been warned by any part of the U.S. government that such files existed or had been stolen.

“Other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers,” the company said.

The absence of warning is significant because the NSA knew for months about the Shadow Brokers breach, officials previously told Reuters. Under a White House process established by former President Barack Obama’s staff, companies were usually warned about dangerous flaws.

Bangladesh heist

Shook said criminal hackers could use the information released Friday to hack into banks and steal money in operations mimicking a heist last year of $81 million from the Bangladesh central bank.

“The release of these capabilities could enable fraud like we saw at Bangladesh Bank,” Shook said.

The SWIFT messaging system is used by banks to transfer trillions of dollars each day. Belgium-based SWIFT downplayed the risk of attacks employing the code released by hackers Friday.

SWIFT said it regularly releases security updates and instructs client banks on how to handle known threats.

“We mandate that all customers apply the security updates within specified times,” SWIFT said in a statement.

SWIFT said it had no evidence that the main SWIFT network had ever been accessed without authorization.

It was possible that the local messaging systems of some SWIFT client banks had been breached, SWIFT said in a statement, which did not specifically mention the NSA.

When cyberthieves robbed the Bangladesh Bank last year, they compromised that bank’s local SWIFT network to order money transfers from its account at the New York Federal Reserve.

NewsGram brings to you top news around the world today.

NSA and SWIFT

The documents released by the Shadow Brokers on Friday indicate that the NSA may have accessed the SWIFT network through service bureaus. SWIFT service bureaus are companies that provide an access point to the SWIFT system for the network’s smaller clients and may send or receive messages regarding money transfers on their behalf.

“If you hack the service bureau, it means that you also have access to all of their clients, all of the banks,” said Matt Suiche, founder of the United Arab Emirates-based cybersecurity firm Comae Technologies, who has studied the Shadow Broker releases and believes the group has access to NSA files.

The documents posted by the Shadow Brokers include Excel files listing computers on a service bureau network, user names, passwords and other data, Suiche said.

“That’s information you can only get if you compromise the system,” he said.

Cris Thomas, a prominent security researcher with the cybersecurity firm Tenable, said the documents and files released by the Shadow Brokers show “the NSA has been able to compromise SWIFT banking systems, presumably as a way to monitor, if not disrupt, financial transactions to terrorists groups.”

Thwarting terrorists

Since the early 1990s, interrupting the flow of money from Saudi Arabia, the United Arab Emirates and elsewhere to al-Qaida, the Taliban, and other militant Islamic groups in Afghanistan, Pakistan and other countries has been a major objective of U.S. and allied intelligence agencies.

Mustafa Al-Bassam, a computer science researcher at University College London, said on Twitter that the Shadow Brokers documents show that the “NSA hacked a bunch of banks, oil and investment companies in Palestine, UAE, Kuwait, Qatar, Yemen, more.”

He added that NSA “completely hacked” EastNets, one of two SWIFT service bureaus named in the documents that were released by the Shadow Brokers.

Reuters could not independently confirm that EastNets had been hacked. And EastNets, based in Dubai, denied it had been hacked in a statement, calling the assertion “totally false and unfounded.”

EastNets ran a “complete check of its servers and found no hacker compromise or any vulnerabilities,” according to a statement from EastNets’ chief executive and founder, Hazem Mulhim.

Check out NewsGram for latest international news updates.

Snowden documents

In 2013, documents released by former NSA contractor Edward Snowden said the NSA had been able to monitor SWIFT messages.

The agency monitored the system to spot payments intended to finance crimes, according to the documents released by Snowden.

Reuters could not confirm whether the documents released Friday by the Shadow Brokers, if authentic, were related to NSA monitoring of SWIFT transfers since 2013.

Some of the documents released by the Shadow Brokers were dated 2013, but others were not dated. The documents released by the hackers did not clearly indicate whether the NSA had actually used all the techniques cited for monitoring SWIFT messages.
-VOA

Click here for reuse options!
Copyright 2017 NewsGram

Next Story

Symantec Introduces ‘Email Threat Isolation ‘Technology to Block Email Attacks

The technology works by creating a secure remote execution environment between users and malicious content

0
Threat Isolation Technology
Symantec Introduces Email Threat Isolation Technology. (IANS)

Cybersecurity giant Symantec Corp on Wednesday introduced a new solution based on threat isolation technology which blocks advanced email attacks on end user devices.

Named “Email Threat Isolation”, the solution helps protect users against spear phishing, credential theft, account takeover and ransomware attacks, the company said in a statement.

The email security solution with integrated threat isolation technology is designed to protect customers from the kind of sophisticated email attacks that have become more prevalent in the Cloud generation.

“Despite significant efforts by our industry to detect and block email-borne threats, messaging remains the primary vector for malware and scams within the enterprise,” said Greg Clark, Symantec CEO.

Threat Isolation Technology
Symantec Introduces Email Threat Isolation Technology. Flickr

“This revolutionary technology helps enterprises to quickly and easily isolate all malicious email content — both internal and external — to substantially reduce inherent risks within messaging applications,” Clark said.

The technology works by creating a secure remote execution environment between users and malicious content.

It sends web traffic from suspicious links to this remote environment, which confines all malicious activity, and only sends a safe visual representation of the content down to the user.

In addition, this solution can render such sites in read-only mode which prevents unsuspecting employees from disclosing sensitive information such as corporate credentials, according to Symantec.

Also Read-India Among Nations Most Prone To Cyber Attacks

“Further, because the technology is Cloud-based, organisations can be up and running quickly and easily, reducing stress on already taxed IT teams,” Clark added. (IANS)