Hackers Release NSA Tools That Could Compromise Millions Of PCs

Geronimo Vena
April 15, 2017

Hacker group Shadow Brokers dumped a new cache of NSA tools on Friday, and some are calling it "the worst thing since Snowden".

The Shadow Brokers are back with another batch of hacking tools allegedly from the National Security Agency that includes Microsoft zero-day exploits and backdoors into SWIFT banking system service bureaus.

SWIFT said in a statement that the allegations involve only its service bureaus and not its own network. The files suggest that the NSA is actively targeting worldwide banking bureaus, specifically through a widespread global protocol for secure financial messaging and transactions.

"This is the equivalent of hacking all the banks in the region without having to hack them individually", says Suiche, founder of UAE-based incident response and forensics startup Comae Technologies.

"This is the first time to date that so much information had been published on how a SWIFT Service Bureau actually works and its internal infrastructure", he wrote in a blog post.

The Windows hacking tools may have been used to target the SWIFT financial security system, specifically an anti-money laundering financial institution called EastNets.

He also recommends that companies take inventory of their IT assets so they know which servers might be vulnerable.

The well-known hacking group (or individual) called "Shadow Brokers" just leaked a number of Windows vulnerabilities allegedly created to go after old Microsoft computers.

Previous releases by the Shadow Brokers have contained tools and exploits that analysts have stated were years old and for which many companies had issued patches and updates.

"This isn't a data dump, this is a damn Microsoft apocalypse", tweeted a security researcher who goes by the name Hacker Fantastic. This details exact targets, such as particular systems in eastnets.com to leverage access into the SWIFT systems of client banks, and SQL queries created to extract, in bulk, transactions of interest.

The documents released by the hackers did not clearly indicate whether the NSA had actually used all the techniques cited for monitoring SWIFT messages.

A Microsoft spokesperson told The Intercept, "We are reviewing the report and will take the necessary actions to protect our customers".

Cris Thomas, a prominent security researcher with the cybersecurity firm Tenable, said the documents and files released by the Shadow Brokers show "the NSA has been able to compromise SWIFT banking systems, presumably as a way to monitor, if not disrupt, financial transactions to terrorist groups".

"Maybe if all surviving WWIII, theshadowbrokers be seeing you next week", Friday's post read.

Matthew Hickey, cofounder of British security shop Hacker House, told The Register that FUZZBUNCH is a very well-developed package that allows servers to be penetrated with a few strokes of the keyboard. "It's a huge slap on the face of NSA", said Bulgarian antivirus expert Vesselin Bontchev in an email.
