Newly Released Documents By Hackers Indicate That The SWIFT System Was Compromised By NSA For Monitoring Monetary Transactions Between Banks Of Various Countries


04/15/2017

Shadow Brokers’ posts highlight breaches in the SWIFT security system as they contain “information you can only get if you compromise the system”, concludes experts.



By taking a look into the documents released by hackers on Friday, the cyber-security expert conclude that the files provided a pointer towards the “U.S. National Security Agency” for accessing “the SWIFT interbank messaging system” for monitoring the flow of money amid “some Middle Eastern and Latin American banks”.
 
The documents contained “computer code” that the criminals could adapt for breaking into “SWIFT servers” and monitoring “messaging activity”, reported a cyber-security consultant, Shane Shook, helping “banks investigate breaches of their SWIFT systems”. The group of hackers who are behind the documents release call themselves “The Shadow Brokers”. Although, Reuters failed to confirm the authenticity, it is reported that some of the “records bear NSA seals”, while NSA was not available for any comment.
 
While, Clare Baldwin added:
“Also published were many programs for attacking various versions of the Windows operating system, at least some of which still work, researchers said.
“In a statement to Reuters, Microsoft (MSFT.O), maker of Windows, said it had not been warned by any part of the U.S. government that such files existed or had been stolen”.
 
According to the company’s statement:
“Other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers”.
 
The “absence of warning” becomes significant as NSA was aware of the breach “for months”, while a “White House process” put in place by the former U.S. President’s staff, “companies were usually warned about dangerous flaws”.
 
Shook also said that the information leaked by the hackers could be used to steal bank money by “mimicking” last year’s Bangladesh “$81 million” heist. In his words:
“The release of these capabilities could enable fraud like we saw at Bangladesh Bank”.
 
The SWIFT messaging system was modulated to block the risk of attack in relation to the “code released by hackers on Friday”, while it also added in a statement:
“We mandate that all customers apply the security updates within specified times”.
 
SWIFT also did not find any evidence of access into the SWIFT network without “authorization”, although the statement from SWIFT stated the possibility of breaches in the “local messaging systems of some SWIFT client banks” without any specific indication towards NSA.
 
Nevertheless, the released documents indicate that the “NSA may have accessed the SWIFT network through service bureaus”. While, the Founder of “Comae Technologies”, an United Arab-Emirates based cyber-security firm, Matt Suiche, believes that the “group has access to NSA files”. He said:
“If you hack the service bureau, it means that you also have access to all of their clients, all of the banks”.
 
As the leaked files contain “Excel files” that list the “computers on a service bureau network, user names, passwords and other data”, Suiche concludes:
“That's information you can only get if you compromise the system”.
 
One of the “prominent” cyber-security firm Tenable’s researcher, Cris Thomas thinks that the Shadow Brokers posts were proof enough that
“…the NSA has been able to compromise SWIFT banking systems, presumably as a way to monitor, if not disrupt, financial transactions to terrorists groups”.
 
Likewise, a University College London-based computer-science researcher, Mustafa Al-Bassam, Twitted saying the “Shadow Brokers documents” showed that the
“…NSA hacked a bunch of banks, oil and investment companies in Palestine, UAE, Kuwait, Qatar, Yemen, more.”
 
Some of the documents released by the Shadow Brokers dates back to the year of 2013, throwing back speculations of links with “former NSA contractor”, Edward Snowden’s documents release that stated NSA monitoring “SWIFT messages” for spotting “payments intended to finance crimes”. However, nothing has been confirmed to prove that the speculated links indeed hold some truth.



References:
http://www.reuters.com