Hackers Say NSA Snooped Into Banks in Palestinian Authority and Wider Middle East

The group known as Shadow Brokers releases programs used by the U.S. security agency, including some used to hack into the Swift system for money transfers

Oded Yaron
The NSA headquarters in Fort Meade, Maryland. Credit: AP / Patrick Semansky

The U.S. National Security Agency spied on money transfers through the Swift interbank network, according to a hacker group that says its data dump is meant to protest U.S. President Donald Trump’s missile attack on Syria this month.

The group, known as Shadow Brokers, also says the NSA has developed tools to hack computers using Microsoft’s Windows operating system, though the company says most significant vulnerabilities have already been patched.

Swift is used by around 11,000 banks and other financial institutions to transfer money. The NSA surveillance reportedly included Palestinian banks and banks elsewhere in the Middle East and Latin America. Experts say Shadow Brokers’ data leak last week was its biggest and most significant yet.

The leak began with the release of programs to hack into Unix operating systems, and peaked Friday with the exposure of Windows-targeting programs using so-called zero-day vulnerabilities: previously unknown flaws that leave the software producer with zero days to fix the problem.

As with previous exposures of NSA malware, the leaked programs bore strange names like fuzzbunch, jeepflea_market, oddjob and jeepflea_powder.

The data dump included tools for breaking into Windows on servers and private computers. Some of the Windows versions, like Windows XP, are obsolete; they are no longer updated by the company. Other versions, including Windows 8, still receive security updates. The leak did not include tools to attack Windows 10.

The most remarkable Windows-cracking tool is fuzzbunch, which, like programs such as Metasploit in the civilian world, bundles a number of assault tools into one easy-to-use package.

“I don’t think I have ever seen so much exploits and 0day [exploits] released at one time in my entire life,” researcher Matthew Hickey, co-founder of Hacker House, told The Intercept via Twitter Direct Messages.

Previous leaks by Shadow Brokers consisted only of code samples. This time the leaks also included presentations and documents exposing information about targets – which turned out to have included Swift.

“Oh you thought that was it?” Shadow Brokers wrote in a statement accompanying the Friday leak, delivered in its signature style – bravado marked by grammar or punctuation issues.

According to the hacker group, the institutions the NSA followed included Ramallah-based Al Quds Bank.

Tal Be’eri, a security investigator and expert on Swift, told Haaretz that the consortium that manages the Swift standard tells organizations joining it which servers and software to use. Monitoring Swift would make sense for the NSA as it tracks funding sources for things like terrorism and the black market in nuclear weapons, Be’eri adds.

Following 9/11, Washington created software to legally draw information out of Swift to aid terror-related probes. Swift is headquartered in Belgium, so if the NSA used malicious software on Swift, it was effectively spying on EU territory.

Be’eri, however, says the NSA’s main target was actually a Dubai-based company called EastNets, which provides service to Swift and is directly connected with its computer system. EastNets has branches in Belgium, the United Arab Emirates and Egypt, and serves numerous clients in the Middle East.

According to the presentations and Excel spreadsheets leaked by Shadow Brokers, the NSA continued to spy on financial institutions via its break-in at EastNets at least until 2013, the year Edward Snowden revealed information about U.S. government hacking, including on the Swift system.

EastNets categorically denies being hacked, according to Wired. EastNets said its internal security unit found no penetration by hackers.

Shadow Brokers made headlines last year when it vowed to reveal to the highest bidder NSA computer programs for espionage. Shadow Brokers released examples that experts deemed to include authentic, if somewhat obsolete, software written by the NSA’s Tailored Access Operations unit.

Some observers suspect that Shadow Brokers is actually part of a Russian effort to undermine the United States and its intelligence operations. The group said it was making the NSA’s 2013 hacking tools available to everyone in protest against the U.S. attack on a Syrian air force base on April 7.

For its part, Microsoft said that some of the vulnerabilities in Windows had already been patched and that it was hurrying to fix the rest. If the software is an obsolete version that Windows no longer supports, the company won’t be fixing its vulnerabilities.

“Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products,” the company said, adding: “Customers still running prior versions of these products are encouraged to upgrade to a supported offering.”
