Hacked files suggest NSA penetrated SWIFT, Middle East banks

It is unclear how many of the security flaws used in these techniques were repaired between the file's creation and the Brokers' release. "TheShadowBrokers rather being getting drunk with McAfee on desert island with hot babes," the group wrote, an apparent reference to eccentric anti-virus mogul John McAfee. "Is being too bad nobody deciding to be paying the shadow brokers for just to shutup and going away", the group said in a typically garbled blog post.

"Maybe if all surviving WWIII, theshadowbrokers be seeing you next week", Friday's post read.

Hickey provided The Intercept with a video of FUZZBUNCH being used to compromise a virtual computer running Windows Server 2008; an industry survey from 2016 cited this operating system as the most widely used of its kind.

The latest files contain tools apparently created to access Windows machines, as well as slideshows documenting the targeting of banking systems. "Who knows what we having next time?"

The real mystery here is why the Shadow Brokers released this data.

The group Friday appeared to release tools created to target Windows PCs and servers, along with presentations and files purporting to detail the agency's methods of carrying out clandestine surveillance. As a result, the security consultants they spoke with generally agree that Windows 10 is safe from these tools.

EWORKFRENZY - Lotus Domino 6.5.4 and 7.0.2 exploit.

Another exploit, dubbed EmeraldThread, is a remote Windows SMB exploit for Windows XP and 2003.

ETERNALSYNERGY - Windows 8 and Windows Server 2012.

Some of the exploits were patched only in the most recent Patch Tuesday, which shows the importance both of keeping up to date with Microsoft's patch cycle without delaying updates and of keeping up with the OS upgrade cycle. Additionally, the release included previously unknown tools, including an exploitation framework identified as "FUZZBUNCH".

Reuters could not independently confirm that EastNets had been hacked.

A SWIFT banking representative backed up EastNets' statement and said there was "no impact on SWIFT's infrastructure or data", and "no evidence to suggest that there has ever been any unauthorized access to our network or messaging services".

Perhaps the most significant target is a Dubai-based firm called EastNets, which the report states oversees payments made by a transaction service called "SWIFT" that is used globally.

A spokesperson for the SWIFT banking system told FCW in a statement that SWIFT was aware of reports that two third-party service bureaus might have been accessed, but SWIFT itself was not compromised. Besides specific data concerning specific servers, the archive also includes reusable tools to extract information from Oracle databases, such as a list of database users and SWIFT message queries.

A second weapon, called JEEPFLEA_POWDER, targeted an EastNets partner in Venezuela and Panama called BCG Business Computer Group.