Global banking system 'hacked' by NSA
April 15, 2017
The mysterious hacker group known as "Shadow Brokers" released files late on Friday showing that the US National Security Agency (NSA) had found and exploited numerous vulnerabilities that allowed them to penetrate the SWIFT banking network.
The breach, which was carried out due to vulnerabilities in older versions of Microsoft Windows software, allowed NSA spies to monitor money flows among some Middle Eastern and Latin American banks.
Former CIA whistleblower Edward Snowden described the NSA's hack as the "Mother Of All Exploits," in reference to the massive US bomb dropped last week on Afghanistan. Snowden previously released files showing the NSA had the ability to intercept SWIFT messages.
Several analysts have said that the revelations by "Shadow Brokers" are credible and that the files have almost certainly come from the NSA, as some of them bear the agency's seals.
Bank vulnerabilities exposed
The hacking report also contained computer code that could be adapted by criminals to break into SWIFT servers and monitor messaging activity between banks, according to cybersecurity consultant Shane Shook.
Shook warned that the code could be used in operations similar to last year's theft of $81 million from the Bangladesh central bank.
Another prominent security researcher, Cris Thomas, said the NSA hack was carried out "presumably as a way to monitor, if not disrupt, financial transactions to terrorist groups."
The SWIFT messaging system, which is headquartered in Belgium, is used by banks to transfer trillions of dollars each day.
The released files appear to indicate that the NSA had infiltrated two of SWIFT's service bureaus, allowing the monitoring of transactions of financial institutions in Kuwait, Dubai, Bahrain, Jordan, Yemen and Qatar. Service bureaus handle transactions on behalf of smaller banks.
Revelations downplayed
The NSA could not immediately be reached for comment, but SWIFT said in a statement that the hacking involved only its service bureaus and not its own network.
"There is no impact on SWIFT's infrastructure or data, however we understand that communications between these service bureaus and their customers may previously have been accessed by unauthorized third parties."
"We have no evidence to suggest that there has ever been any unauthorized access to our network or messaging services."
One of SWIFT's service bureaus, the Dubai-based EastNets, which was allegedly among those hacked, strongly rejected the claims as "totally false and unfounded."
Microsoft, meanwhile, said it has already patched the vulnerabilities found in the hack. In a statement, the tech giant said it had not been contacted by the NSA about the breach.
"Shadow Brokers" has previously released leaked malware which it attempted to sell for tens of millions of dollars. But the group's identity remains a secret.