New leak suggests NSA penetrated Mideast banking networks
- Author: Tracy Ferguson, Apr 15, 2017, 6:18
A hacking group has dumped a collection of spy tools allegedly used by the National Security Agency online.
The files were dumped on Good Friday, which makes it doubly hard for systems administrators, as numerous exploits can be used against Windows systems other than Windows 10.
Security researchers say the group's latest leak is the most damaging one to date.
Microsoft said in a statement to the BBC that it was "reviewing the report and will take the necessary actions to protect our customers". Consequently, their flaws won't get patched, Suiche noted.
Suiche advised Windows users running Windows Vista or earlier that they were doomed "because those versions of Windows aren't supported anymore".
"This means that security vulnerabilities found on those systems will never be corrected", Suiche wrote.
"The reports of an alleged hacker-compromised EastNets Service Bureau network is totally false and unfounded", a spokesperson said.
"I'll bet it's not the only SWIFT service bureau that's been compromised", he said.
The files include substantial documentation of a project to hack a Middle Eastern banking service providing access to the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network, which banks use to request transfers. However, with many people still running older versions of Windows or using outdated hardware, vulnerable targets remain.
Experts have been reviewing the latest Shadow Brokers release, and one of the riskier findings is evidence of exploitation of the SWIFT banking transaction system.
Because some of the files in the leak appear to be classified, intelligence community personnel are legally barred from accessing them to analyze and verify.
Both TechCrunch and Wired said they had received no comment from either the NSA or Microsoft.
Another exploit, dubbed EmeraldThread, is a remote Windows SMB exploit for Windows XP and 2003. Essentially, with access to one EastNets server, the NSA could discover and attack the other servers.
What makes this software - readily available online to anyone inclined to download it - so unsafe is that it makes use of numerous zero-day exploits.
According to The Intercept, the Shadow Brokers' April 14 release of previously undisclosed tools has the potential to compromise Windows computers running anything earlier than Windows 10. "TheShadowBrokers rather being getting drunk with McAfee on desert island with hot babes", an apparent reference to eccentric anti-virus mogul John McAfee.
"Maybe if all surviving WWIII, theshadowbrokers be seeing you next week", Friday's post read. "Who knows what we having next time?" Last week, Shadow Brokers released a password for a cache of encrypted files, again related to the NSA.