Hackers on Friday released documents and files that cybersecurity experts said indicated that the US National Security Agency (NSA) had accessed the SWIFT interbank messaging system, allowing it to monitor money flows among some Middle Eastern and Latin American banks.
The release included computer code that could be adapted by criminals to break into SWIFT servers and monitor messaging activity, said Shane Shook, a cybersecurity consultant who has helped banks investigate breaches of their SWIFT systems.
The documents and files were released by a group calling themselves “The Shadow Brokers.”
Some of the records bear NSA seals, but their authenticity could not be confirmed.
The NSA could not immediately be reached for comment.
Also published were many programs for attacking various versions of the Windows operating system, at least some of which still work, researchers said.
Windows maker Microsoft said it had not been warned by any part of the US government that such files existed or had been stolen.
“Other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers,” the company said.
The absence of warning is significant, because the NSA knew for months about the Shadow Brokers breach, officials previously told reporters.
According to a White House process established by former US president Barack Obama’s staff, companies were usually warned about dangerous flaws.
Shook said criminal hackers could use the information released on Friday to hack into banks and steal money in operations mimicking a heist last year of US$81 million from the Bangladesh central bank.
“The release of these capabilities could enable fraud like we saw at Bangladesh Bank,” Shook said.
The SWIFT messaging system is used by banks to transfer trillions of dollars each day. Belgium-based SWIFT downplayed the risk of attacks employing the code released by hackers.
SWIFT said it regularly releases security updates and instructs client banks on how to handle known threats.
“We mandate that all customers apply the security updates within specified times,” SWIFT said in a statement.
SWIFT said it had no evidence that the main SWIFT network had ever been accessed without authorization.
It was possible that the local messaging systems of some SWIFT client banks had been breached, SWIFT said in a statement, which did not specifically mention the NSA.
When cyberthieves robbed the Bangladesh Bank last year, they compromised that bank’s local SWIFT network to order money transfers from its account at the New York Federal Reserve.
The documents released by the Shadow Brokers indicate that the NSA might have accessed the SWIFT network through service bureaus.
SWIFT service bureaus are companies that provide an access point to the SWIFT system for the network’s smaller clients and might send or receive messages regarding money transfers on their behalf.
“If you hack the service bureau, it means that you also have access to all of their clients, all of the banks,” said Matt Suiche, founder of the United Arab Emirates-based cybersecurity firm Comae Technologies, who has studied the Shadow Broker releases and believes the group has access to NSA files.
The documents posted by the Shadow Brokers include Excel files listing computers on a service bureau network, user names, passwords and other data, Suiche said.
“That’s information you can only get if you compromise the system,” he said.