Documents hint NSA hack of Mideast banks
‘Brutal’ data dump shows infifiltration of EastNets bureau.
PARIS — A new set of documents purportedly lifted from the U.S. National Securit y Agency suggests that American spies have burrowed deep into the Middle East’s fifinancial network, apparently compromising the Dubai offiffice of the antimoney laundering and fifinancial services fifirm EastNets. The company said Friday the documents were dated and denied that any customer data had been affffffffffffected.
TheShadowBrokers, which startled the security experts last year by releasing some of the NSA’s hacking tools, has recently resumed pouring secrets into the public domain. In a fifirst for TheShadowBrokers, the data include PowerPoint slides and purported target lists, suggesting the group has access to a broader range of information than previously known.
“This is by far the most brutal dump,” said Comae Technologies founder Matt Suiche, who has closely followed the group’s disclosures and initially helped confifirm its connection to the NSA last year. In a blog post, he said it appeared that thousands of employee accounts and machines from EastNets’ offiffices had been compromised and that fifinancial institutions in Kuwait, Bahrain and the Palestinian territories had been targeted for espionage.
In a statement, EastNets said there was “no credibilit y” to the allegation that its customers’ details had been stolen.
The company, which acts as a “service bureau” connecting customers to the fifinancial world’s electronic backbone, SWIFT, said the ShadowBrokers documents referred to a “low-level inter- nal server” that had since been retired and that a “complete check” of its systems had turned up no evidence of any compromise.
The denial drew skep - tic i sm from those who’d reviewed the fifiles.
“Eastnets’ claim is impossible to believe,” said Kevin Beaumont, who was one of several experts who spent Friday combing through the documents and trying out the code. He said he’d found password dumps, an Excel spreadsheet outlining the internal architecture of the company’s server and one fifile that was “just a massive log of hacking on their organization.”
Beaumont said the malicious code published Friday appeared to exploit previously undiscovered weaknesses in older versions of its Windows operating system — the mark of a sophisticated actor and a potential worry for many of Windows’ hundreds of millions of users.
That was seconded by Matthew Hickey of Prestbury, England-based cybersecurity company Hacker House.
“It’s an absolute disaster,” Hickey said in an email. “I have been able to hack pretty much every Windows version here in my lab using this leak.”
Microsoft said it is reviewing the leak and “will take the necessary actions to protect our customers.”