SWIFT denies any hack coming from NSA or otherwise

Apr 18, 2017 14:05 GMT

The Shadow Brokers hacker group has dumped another pile of NSA files on the Internet, some concerning the agency's ways of breaking into Windows systems, and some regarding its targets, namely SWIFT Service Bureaus.

The fact that the NSA had possibly targeted SWIFT had been known for years, since Edward Snowden's original NSA file leaks. Now, however, it comes into focus once more, as there is evidence of exploits targeting two of SWIFT's Service Bureaus in search of banking data for a number of financial institutions in the Middle East. It is believed that the agency was monitoring funds for terrorist operations.

"In this case, if Shadow Brokers' claims are indeed verified, it seems that the NSA sought to totally capture the backbone of the international financial system to have a God's eye into a SWIFT Service Bureau - and potentially the entire SWIFT network. This would fit within standard procedure as a covert entity entrusted with covert actions that may or may not be legal in a technical way," wrote researcher Matt Suiche in a blog post.

Despite the data coming from the Shadow Brokers, SWIFT claims its infrastructure and data have not been compromised. "There is no impact on SWIFT's infrastructure or data; however, we understand that communications between these service bureaus and their customers may previously have been accessed by unauthorized third parties," a representative of SWIFT told Threatpost.

Huge importance

SWIFT Service Bureaus are third-party service providers that manage and host connections to SWIFTNet for financial institutions looking to connect to the network.

According to Matt Suiche's explanation, the SWIFT-related archives, called JEEPFLEA, contain credentials and the architecture of EastNets, the largest SWIFT Service Bureau in the Middle East.

The bank transactions are handled on an Oracle database running SWIFT software. The archives also include tools used by the NSA to extract data from that Oracle installation, including the list of users and message queries.

EastNets, which according to the newly released files is one of the NSA's targets, provides a number of services, including anti-money-laundering and antifraud tools, account information and admin account information. Hazem Mulhim, EastNets CEO and founder, says there is no credibility to the claims that his service was compromised.

"The reports of an alleged hacker-compromised EastNets Service Bureau network are totally false and unfounded. [...] The photos shown on Twitter, claiming compromised information, are about pages that are outdated and obsolete, generated on a low-level internal server that has been retired since 2013," he said. "The EastNets Service Bureau runs on a separate secure network that cannot be accessed over the public networks."

His claims, however, were debunked as soon as they were made by security researcher Kevin Beaumont, who demonstrated, with screenshots to back it up, that EastNets' network was publicly accessible.