The Shadow Brokers released documents on Friday (14 April) that experts believe suggest the NSA monitored global bank transfers. In what is now considered to be one of the most damaging leaks ever to come to light, the hacker group has unleashed exploits that could enable hackers across the world to launch fraud and cyberattack campaigns that could drain banks of millions, according to reports.
The files released indicate that the NSA allegedly accessed SWIFT's internal messaging systems to monitor the money flows of several banks in the Middle East and Latin America. SWIFT (Society for Worldwide Interbank Financial Telecommunication) is a service used by international banks across the globe when transferring funds.
The newly leaked NSA files suggest that the agency may have hacked into SWIFT's network via service bureaus, which are firms that provide smaller clients with access points to the SWIFT system.
Cris Thomas (aka Space Rogue), strategist at Tenable Network Security, told IBTimes UK, "Today's Shadow Brokers data dump seems to be the largest and most damaging release to date. Like previous batches, this one is fuelled by political controversy, specifically around U.S. military action in Syria.
"Based on the information contained in the data dump, the NSA has been able to compromise SWIFT banking systems, presumably as a way to monitor, if not disrupt, financial transactions to terrorist groups."
According to Matt Suiche, founder of the UAE-based cybersecurity firm Comae Technologies, who has reviewed the Shadow Brokers' release, the hacker group's dump included Excel files detailing a list of computers on the network of a service bureau, usernames, passwords and other such data.
"That's information you can only get if you compromise the system," Suiche said, Reuters reported. "If you hack the service bureau, it means that you also have access to all of their clients, all of the banks."
According to cybersecurity consultant Shane Shook, the data dump also contains code that could be used by cybercriminals to hack into and monitor SWIFT's servers. "The release of these capabilities could enable fraud like we saw at Bangladesh Bank," Shook said. The Bangladesh Bank cyberheist saw $81m stolen by hackers.
SWIFT said that it has no evidence that its primary network has been accessed without authorisation. However, the firm did concede the possibility that the local messaging system of some of its clients could have been breached.
"We mandate that all customers apply the security updates within specified times," SWIFT said in a statement.
The Shadow Brokers' latest NSA dump indicates that Dubai-based firm EastNets, which oversees SWIFT transfers for various Middle Eastern clients, was hacked by the NSA. EastNets has, however, denied that its servers were hacked. The firm took to Twitter to post a statement that said that there was "no credibility to the online claim of a compromise of EastNets customer information on its SWIFT service bureau."
Experts believe that the blowback of the Shadow Brokers' latest release will likely leave the intelligence community reeling for quite a while. "Because many of the documents in the data dump appear to be classified, members of the intelligence community will have a difficult time legally reviewing them to determine the full extent of the damage," Thomas added.