Sun, Apr 16, 2017 - Page 4 News List

Hacked files indicate NSA bank access

USER NAMES, PASSWORDS:Cybersecurity firm founder Matt Suiche said that ‘The Shadow Broker’ releases showed that the hackers had access to the US agency’s files

Reuters

Hackers on Friday released documents and files that cybersecurity experts said indicated that the US National Security Agency (NSA) had accessed the SWIFT interbank messaging system, allowing it to monitor money flows among some Middle Eastern and Latin American banks.

The release included computer code that could be adapted by criminals to break into SWIFT servers and monitor messaging activity, said Shane Shook, a cybersecurity consultant who has helped banks investigate breaches of their SWIFT systems.

The documents and files were released by a group calling themselves “The Shadow Brokers.”

Some of the records bear NSA seals, but their authenticity could not be confirmed.

The NSA could not immediately be reached for comment.

Also published were many programs for attacking various versions of the Windows operating system, at least some of which still work, researchers said.

Windows maker Microsoft said it had not been warned by any part of the US government that such files existed or had been stolen.

“Other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers,” the company said.

The absence of warning is significant, because the NSA knew for months about the Shadow Brokers breach, officials previously told reporters.

According to a White House process established by former US president Barack Obama’s staff, companies were usually warned about dangerous flaws.

Shook said criminal hackers could use the information released on Friday to hack into banks and steal money in operations mimicking a heist last year of US$81 million from the Bangladesh central bank.

“The release of these capabilities could enable fraud like we saw at Bangladesh Bank,” Shook said.

The SWIFT messaging system is used by banks to transfer trillions of dollars each day. Belgium-based SWIFT downplayed the risk of attacks employing the code released by hackers.

SWIFT said it regularly releases security updates and instructs client banks on how to handle known threats.

“We mandate that all customers apply the security updates within specified times,” SWIFT said in a statement.

SWIFT said it had no evidence that the main SWIFT network had ever been accessed without authorization.

It was possible that the local messaging systems of some SWIFT client banks had been breached, SWIFT said in a statement, which did not specifically mention the NSA.

When cyberthieves robbed the Bangladesh Bank last year, they compromised that bank’s local SWIFT network to order money transfers from its account at the New York Federal Reserve.

The documents released by the Shadow Brokers indicate that the NSA might have accessed the SWIFT network through service bureaus.

SWIFT service bureaus are companies that provide an access point to the SWIFT system for the network’s smaller clients and might send or receive messages regarding money transfers on their behalf.

“If you hack the service bureau, it means that you also have access to all of their clients, all of the banks,” said Matt Suiche, founder of the United Arab Emirates-based cybersecurity firm Comae Technologies, who has studied the Shadow Broker releases and believes the group has access to NSA files.

The documents posted by the Shadow Brokers include Excel files listing computers on a service bureau network, user names, passwords and other data, Suiche said.

This story has been viewed 4272 times.

Comments will be moderated. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned.

TOP top