New leak suggests NSA penetrated Mideast banking networks

April 14, 2017 by Raphael Satter
Pedestrians make their way past the building that houses the New York office of EastNets in Midtown, Manhattan, N.Y., Friday, April 14, 2017. A new set of documents purportedly lifted from the U.S. National Security Agency suggests that American spies have burrowed deep into the Middle East's financial network, apparently compromising the Dubai office of the anti-money laundering and financial services firm EastNets. The company said Friday that the documents were dated and denied that any customer data had been affected. (AP Photo/Mary Altaffer)

A new set of documents purportedly lifted from the U.S. National Security Agency suggests that American spies have burrowed deep into the Middle East's financial network, apparently compromising the Dubai office of the anti-money laundering and financial services firm EastNets. The company said Friday the documents were dated and denied that any customer data had been affected.

TheShadowBrokers, which startled the security experts last year by releasing some of the NSA's hacking tools, has recently resumed pouring secrets into the public domain. In a first for TheShadowBrokers, the data include PowerPoint slides and purported target lists, suggesting the group has access to a broader range of information than previously known.

"This is by far the most brutal dump," said Comae Technologies founder Matt Suiche, who has closely followed the group's disclosures and initially helped confirm its connection to the NSA last year. In a blog post , he said it appeared that thousands of employee accounts and machines from EastNets' offices had been compromised and that financial institutions in Kuwait, Bahrain and the Palestinian territories had been targeted for espionage.

In a statement , EastNets said there was "no credibility" to the allegation that its customers' details had been stolen.

The company, which acts as a "service bureau" connecting customers to the financial world's electronic backbone, SWIFT, said the ShadowBrokers documents referred to a "low-level internal server" that had since been retired and that a "complete check" of its systems had turned up no evidence of any compromise.

The denial drew skepticism from those who'd reviewed the files.

"Eastnets' claim is impossible to believe," said Kevin Beaumont, who was one of several experts who spent Friday combing through the documents and trying out the code. He said he'd found password dumps, an Excel spreadsheet outlining the internal architecture of the company's server and one file that was "just a massive log of hacking on their organization."

SWIFT, based in Belgium, released a less categorical statement, saying, "we understand that communications between these service bureaus and their customers may previously have been accessed by unauthorized third parties." It said there was no evidence its own network had been compromised.

Repeated messages seeking clarification from EastNets went unreturned.

Traffic makes it's way past the building that houses the New York office of EastNets in Midtown, Manhattan, N.Y., Friday, April 14, 2017. A new set of documents purportedly lifted from the U.S. National Security Agency suggests that American spies have burrowed deep into the Middle East's financial network, apparently compromising the Dubai office of the anti-money laundering and financial services firm EastNets. The company said Friday that the documents were dated and denied that any customer data had been affected. (AP Photo/Mary Altaffer)

Beaumont said there was bad news in the release for Microsoft as well. He said the malicious code published Friday appeared to exploit previously undiscovered weaknesses in older versions of its Windows operating system—the mark of a sophisticated actor and a potential worry for many of Windows' hundreds of millions of users.

The opinion was seconded by Matthew Hickey of Prestbury, England-based cybersecurity company Hacker House.

"It's an absolute disaster," Hickey said in an email. "I have been able to hack pretty much every Windows version here in my lab using this leak."

Microsoft said in a statement that it is reviewing the leak and "will take the necessary actions to protect our customers." It declined to elaborate.

The NSA, which did not respond to emails, has previously shown interest in targeting SWIFT, according to documents leaked by former intelligence contractor Edward Snowden, and Suiche said other documents in the release suggested an effort to monitor the world's financial transactions that went beyond EastNets.

"I'll bet it's not the only SWIFT service bureau that's been compromised," he said.

Explore further: Hackers say they're revealing more from trove of NSA data

Related Stories

WikiLeaks CIA files: Are they real and are they a risk?

March 8, 2017

WikiLeaks has published thousands of documents that the anti-secrecy organization said were classified files revealing scores of secrets about CIA hacking tools used to break into targeted computers, cellphones and even smart ...

Symantec says CIA tools found across 16 countries

April 10, 2017

The CIA's cyberespionage toolkit made public by WikiLeaks has been linked to 40 spying operations in 16 countries, an early public assessment of the intelligence agency's global hacking operations, computer security company ...

Recommended for you

Semimetals are high conductors

March 18, 2019

Researchers in China and at UC Davis have measured high conductivity in very thin layers of niobium arsenide, a type of material called a Weyl semimetal. The material has about three times the conductivity of copper at room ...

5 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

rderkis
1 / 5 (1) Apr 14, 2017
When are we going to get serious about stopping the leaks. They endanger our freedom and endanger our right to privacy. Because without freedom there is no right to privacy. Do we need to start executing people convicted of releasing information to the public??
gkam
1.5 / 5 (8) Apr 14, 2017
It is called "security" derkis, and our national agencies should be emptied of those who were supposed to protect our stuff from hackers in the first place.

Don't blame the messengers for the message.
EmceeSquared
2 / 5 (4) Apr 16, 2017
The Shadow Brokers are a Russian gang. Who's going to execute them, Putin? His assets in the US Executive Branch?

rderkis:
When are we going to get serious

rderkis
1 / 5 (1) Apr 16, 2017
The Shadow Brokers are a Russian gang. Who's going to execute them, Putin? His assets in the US Executive Branch?

rderkis:
When are we going to get serious


Obviously, your the one that has to get serious. You make it sound like your to dumb to understand what I meant. And since your on here you are not dumb!
gkam
1 / 5 (7) Apr 16, 2017
Derkis, please learn to spell. You use "your" to mean "you're", which is "you are". And your use of "to dumb" should be "TOO dumb".

It isn't a big thing, but it detracts from your posts and positions.

Now, the fact the NSA has penetrated banks is not huge. The Israelis put back doors into banking system software a decade or more ago.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.