Hacked files suggest NSA penetrated SWIFT, Middle East banks

Files released by anonymous hacker Shadow Brokers suggested on Friday the US National Security Agency had penetrated the SWIFT banking network and monitored a number of Middle East banks.

The files, according to computer security analysts, also showed the NSA had found and exploited numerous vulnerabilities in a range of Microsoft Windows products widely used on computers around the world.

Analysts generally thought the files were legitimate, which show someone exploiting so-called "zero-day" or unknown vulnerabilities in common software and hardware.

"It is by far the most powerful cache of exploits ever released," cyber security expert Matthew Hickey told Ars Technica, a technology news outlet.

"It is very significant as it effectively puts cyber weapons in the hands of anyone who downloads it. A number of these attacks appear to be 0-day exploits which have no patch and work completely from a remote network perspective," he added.

It is by far the most powerful cache of exploits ever released

- Matthew Hickey, cyber security expert

The files are believed stolen from an NSA hyper-secret hacking unit dubbed the "Equation Group".

"The tools and exploits released today have been specifically designed to target earlier versions of Windows operating system," said security specialist Pierluigi Paganini on the Security Affairs website.

They "suggest the NSA was targeting the SWIFT banking system of several banks around the world".

The files appear to indicate that the NSA infiltrated two of SWIFT's service bureaus, including EastNets, which provides technology services in the Middle East for the Belgium-based SWIFT and for individual financial institutions.

Via that entry point, the agency appears to have monitored transactions involving several banks and financial institutions in Kuwait, Dubai, Bahrain, Jordan, the Palestinian Territories, Yemen and Qatar.

The Shadow Brokers, an unidentified group or persons, has hacked the NSA for the past eight months and have leaked a gigabyte of NSA data.  

In a statement on its website, EastNets rejected the allegations. 

"The reports of an alleged hacker-compromised EastNets Service Bureau network is totally false and unfounded," it said.

"We can confirm that no EastNets customer data has been compromised in any way."

SWIFT said in a statement that the allegations involve only its service bureaus and not its own network.

"There is no impact on SWIFT's infrastructure or data. However, we understand that communications between these service bureaus and their customers may previously have been accessed by unauthorised third parties.

"We have no evidence to suggest that there has ever been any unauthorised access to our network or messaging services."

Shadow Brokers first surfaced last year offering for sale a suite of hacking tools from the NSA. There were no takers at the price stated of tens of millions of dollars, and since then the hacker or hackers have leaked bits of the trove for free.

Analysts say many of the exploits revealed appear to be three years old or more, but have some unknown vulnerabilities that could still be used by other hackers.

No one has yet discovered the identity of Shadow Brokers or of the hackers that gained access to the NSA materials.