'Wrecking the internet': hackers may have just revealed huge flaw in global commodity market

Hackers have released documents and files that cybersecurity experts say indicate the US National Security Agency had accessed the SWIFT interbank messaging system, allowing it to monitor money flows among some Middle Eastern and Latin American banks.

The release on Friday included computer code that could be adapted by criminals to break into SWIFT servers and monitor messaging activity, said Shane Shook, a cyber security consultant who has helped banks investigate breaches of their SWIFT systems.

The documents and files were released by the Shadow Brokers, a hacking group that has previously leaked malware. Some of the records bear NSA seals, but Fairfax could not confirm their authenticity.

If genuine, such a hack could have enabled the US to covertly monitor financial transactions, researchers said.

The new leak suggested that the NSA may have hacked into EastNets, a Dubai-based firm that facilitates payments in the global SWIFT transaction system for a collective of major banks based in the Middle East.

The leak included detailed evidence that a string of major financial firms in Qatar, Dubai, Abu Dhabi, Syria, Yemen and the Palestinian territories may have been hacked - or potentially targeted - by the US government.

However, the BBC reported on Friday that EastNets denied claims its service had been compromised.

"The reports of an alleged hacker-compromised EastNets Service Bureau network is totally false and unfounded," a spokesperson said.

"The EastNets Network Internal Security Unit has run a complete check of its servers and found no hacker compromise or any vulnerabilities".

But the contents of the leak appeared to suggest otherwise.

One spreadsheet contained in the release listed a slew of banks based in the Middle East that were successfully infected by NSA spyware.

Qatar First Investment Bank, Arab Petroleum Investments Corporation Bahrain, Dubai Gold and Commodities Exchange, Tadhamon International Islamic Bank, Noor Islamic Bank, Kuwait Petroleum Company and Qatar Telecom are just a few of the financial institutions that were targeted by the NSA, according to the leaked files.

Fairfax was not able to verify the authenticity of the files - and the NSA has not commented on the leak.

Also published were many programs for attacking various versions of the Windows operating system, at least some of which still work, researchers said.

In a statement to Reuters, Microsoft, maker of Windows, said it had not been warned by any part of the US government that such files existed or had been stolen.

Following the leak, Microsoft released a statement outlining the risks that may have been created by the disclosure.

"Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates".

"Our engineers have investigated the disclosed exploits, and most of the exploits are already patched".

Criminal hackers could use the information released on Friday to hack into banks and steal money in operations mimicking a heist last year of $US81 million from the Bangladesh central bank.

That cyberattack was likely the work of the North Korean government, according to the Russian cybersecurity company Kaspersky Lab ZAO.

The SWIFT messaging system is used by banks to transfer trillions of dollars each day. Belgium-based SWIFT downplayed the risk of attacks employing the code released by hackers on Friday.

SWIFT said it regularly releases security updates and instructs client banks on how to handle known threats.

SWIFT said it had no evidence that the main SWIFT network had ever been accessed without authorisation.

It was possible that the local messaging systems of some SWIFT client banks had been breached, SWIFT said in a statement, which did not specifically mention the NSA.

The documents released by the Shadow Brokers on Friday indicate that the NSA may have accessed the SWIFT network through service bureaus. SWIFT service bureaus are companies that provide an access point to the SWIFT system for the network's smaller clients and may send or receive messages regarding money transfers on their behalf.

"If you hack the service bureau, it means that you also have access to all of their clients, all of the banks," said Matt Suiche, founder of the United Arab Emirates-based cybersecurity firm Comae Technologies, who has studied the Shadow Broker releases and believes the group has access to NSA files.

The documents posted by the Shadow Brokers include Excel files listing computers on a service bureau network, user names, passwords and other data, Suiche said.

"That's information you can only get if you compromise the system," he said.

Cris Thomas, a prominent security researcher with the cybersecurity firm Tenable, said the documents and files released by the Shadow Brokers show "the NSA has been able to compromise SWIFT banking systems, presumably as a way to monitor, if not disrupt, financial transactions to terrorists groups".

If legitimate, the files released by Shadow Brokers would be the most significant exposure of NSA files since the leaks in 2013 by former US intelligence contractor, Edward Snowden.

The infamous whistleblower described the exposure of the files as the "Mother Of All Exploits" on Twitter, writing that the release of the files was "wrecking the internet".

The documents released by the hackers did not clearly indicate whether the NSA had actually used all the techniques cited for monitoring SWIFT messages.

Fairfax Media, Reuters, AAP