Topic: Shadow Brokers Leak Shows NSA Hacked Middle East Banking System
Hydrogen (OP)
April 14, 2017, 04:21:13 PM
 #1

Quote
FOR EIGHT MONTHS, the hacker group known as Shadow Brokers has trickled out an intermittent drip of highly classified NSA data. Now, just when it seemed like that trove of secrets might be exhausted, the group has spilled a new batch. The latest dump appears to show that the NSA has penetrated deep into the finance infrastructure of the Middle East—a revelation that could create new scandals for the world’s most well-resourced spy agency.

Friday morning, the Shadow Brokers published documents that—if legitimate—show just how thoroughly US intelligence has compromised elements of the global banking system. The new leak includes evidence that the NSA hacked into EastNets, a Dubai-based firm that oversees payments in the global SWIFT transaction system for dozens of client banks and other firms, particularly in the Middle East. The leak includes detailed lists of hacked or potentially targeted computers, including those belonging to firms in Qatar, Dubai, Abu Dhabi, Syria, Yemen, and the Palestinian territories. Also included in the data dump, as in previous Shadow Brokers releases, are a load of fresh hacking tools, this time targeting a slew of Windows versions.

“Oh you thought that was it?” the hacker group wrote in a typically grammar-challenged statement accompanying their leak. There was speculation prior to this morning’s release that the group had finally published its full set of stolen documents, after a seemingly failed attempt to auction them for bitcoins. “Too bad nobody deciding to be paying theshadowbrokers for just to shutup and going away.”

SWIFT Action
The transaction protocol SWIFT has been increasingly targeted by hackers seeking to redirect millions of dollars from banks around the world, with recent efforts in India, Ecuador, and Bangladesh. Security researchers have even pointed to clues that a $81 million Bangladesh bank theft via SWIFT may have been the work of the North Korean government. But the Shadow Brokers’ latest leak offers new evidence that the NSA has also compromised SWIFT, albeit most likely for silent espionage rather than wholesale larceny.

EastNets has denied that it was hacked, writing on its Twitter account that there’s “no credibility to the online claim of a compromise of EastNets customer information on its SWIFT service bureau.” But the Shadow Brokers’ leak seems to suggest otherwise: One spreadsheet in the release, for instance, lists computers by IP address, along with corresponding firms in the finance industry and beyond, including the Qatar First Investment Bank, Arab Petroleum Investments Corporation Bahrain, Dubai Gold and Commodities Exchange, Tadhamon International Islamic Bank, Noor Islamic Bank, Kuwait Petroleum Company, Qatar Telecom and others. A “legend” at the top of the spreadsheet notes that the 16 highlighted IP addresses mean, “box has been implanted and we are collecting.” That NSA jargon translates to a computer being successfully infected with its spyware.

Those IP addresses don’t actually correspond to the client’s computers, says Dubai-based security researcher Matt Suiche, but rather to computers servicing those clients at EastNets, which is one of 120 “service bureaus” that form a portion of the SWIFT network and make transactions on behalf of customers. “This is the equivalent of hacking all the banks in the region without having to hack them individually,” says Suiche, founder of UAE-based incident response and forensics startup Comae Technologies. “You have access to all their transactions.”

Blowback
While the Shadow Brokers’ releases have already included NSA exploits, today’s leak is the first indication of targets of that sophisticated hacking in the global banking system. Unlike previous known hacks of the SWIFT financial network, nothing in the leaked documents suggests that the NSA used its access to EastNets or BCG’s SWIFT systems to actually alter transactions or steal funds. Instead, stealthily tracking the transactions within that network may have given the agency visibility into money flows within the region—including to potential terrorist, extremist, or insurgent groups.

If that sort of finance-focused espionage was in fact the NSA’s goal, it would hardly deviate from the agency’s core mission. But Suiche points out that confirmation of the operation would nonetheless lead to blowback for the NSA and the US government—particularly given that many of the listed targets are in US-friendly countries like Dubai and Qatar. “A big shitstorm is to come,” says Suiche. “You can expect the leadership of key organizations like banks and governments are going to be quite irritated, and they’re going to react.”

Beyond EastNets alone, Suiche points to references in the files to targeting the Panama-based firm Business Computer Group or BCG, although it’s not clear if the firm was actually compromised. Beyond its Twitter statement, EastNets didn’t respond to WIRED’s request for comment. WIRED also reached out to BCG and the NSA, but didn’t get a response.

Windows to the World
SWIFT aside, the leak also contains a cornucopia of NSA hacking tools or “exploits,” including what appear to be previously secret techniques for hacking PCs and servers running Windows. Matthew Hickey, the founder of the security firm Hacker House, analyzed the collection and believes there are more than 20 distinct exploits in the leak, about 15 of which are included in an automated hacking “framework” tool called FuzzBunch.

The attacks seem to target every recent version of Windows other than Windows 10, and several allow a remote hacker to gain the full ability to run their own code on a target machine. “There are exploits here that are quite likely zero days that will let you hack into any number of servers on the internet,” says Hickey. “This is as big as it gets. It’s internet God mode.”

In a statement to WIRED, a Microsoft spokesperson wrote only, “We are reviewing the report and will take the necessary actions to protect our customers.” If the released code does turn out to include zero days, though, that would potentially leave millions of Windows users exposed until the company can pull together patches and release them to users.

The Shadow Brokers, meanwhile, hinted in their release that they’re not done creating trouble for the NSA yet. “Maybe if all suviving [sic] WWIII theshadowbrokers be seeing you next week,” the group’s message concludes. “Who knows what we having next time?”

https://www.wired.com/2017/04/major-leak-suggests-nsa-deep-middle-east-banking-system/

Yet another reason to use bitcoin rather than rely on banks.

I wonder if this could hurt relations between the United States and Middle Eastern countries.

Can't imagine Middle Eastern countries will be happy to learn of this.
eternalgloom
April 14, 2017, 05:42:51 PM
 #2

Are they just releasing it for free now? I thought they were selling this info to the highest bidder?
I've been out of the loop for a while, would be interesting to know more about this. Where can I find their announcements?

Hydrogen (OP)
April 14, 2017, 06:06:39 PM
 #3


Wikileaks is releasing the Vault7 info a little at a time.

Not sure if they're releasing the hacker tools and exploits that go with the data.

Last I heard they were releasing text data only, no code or binaries.

You can find download info on their site:

https://wikileaks.org/

You might also need a password to open some of the files, the pw is: “SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds.”

(Without quotation marks, I think)
eternalgloom
April 14, 2017, 06:25:09 PM
 #4

Are you sure that the vault7 releases are the same as those dumps from the shadowbrokers?
I really think they're 2 separate things, nothing seems to indicate that they're linked when you look it up.

https://motherboard.vice.com/en_us/article/theyre-back-the-shadow-brokers-release-more-alleged-exploits
https://bit.no.com:43110/theshadowbrokers.bit/post/messagefinale/

Hydrogen (OP)
April 14, 2017, 06:48:50 PM
 #5


Yeah, I guess you're right.

Wikileaks obtained vault7 from shadowbrokers.

Looks like they parted ways a few months back, I didn't realize they had a break up.
HaXX0R1337
April 16, 2017, 11:17:27 PM
 #6

If it is true then it is a major indication that the Americans will go to any length to deprive your privacy and there should be major outbreak to put some pressure and those actions must be punished and this is not the first time the agencies from America are hearing these sort of accusation so this is not a big surprise but hacking a banking system is just too much to accept and with the recent exploitation and hacking in a Bangladeshi bank where the hackers stole over $81 million and now it is revealed that US have tried the same exploit I am eager what their explanation would be.

Mometaskers
April 23, 2017, 04:22:56 PM
 #7

At least Big Brother is just watching and not manipulating the system. Imagine if they decide to do that. I understand that they are trying to track funding to terrorists but this just shows to what extent they can snoop at you. And that can be unnerving. I for one am glad that I'm using bitcoins. They can just easily force anyone to give them data about my transaction. Sure they can try, but they'll really see nothing suspicious with mine and they'll realize they just wasted resources going after me, and most other people simply because we use bitcoin.

Now I'm curious who these Shadow Brokers are. Who are they and who do they work for? Are they based in some foreign country, like those that hacked Bangladesh? Was that bad English just a mistake or was it deliberate?