In what could be the perfect storm, hackers going by the name of ‘Shadow Brokers’ have released a data dump that they claim to have stolen from the National Security Agency (NSA). The dump contains exploits for the popular Windows operating system of Microsoft. Another folder of the dump titled SWIFT apparently contains documents describing the internal structure of EastNets, a UAE-based bank and anti-money laundering organization.
Windows and SWIFT compromised
What Shadow Brokers have released is a series of zero-day exploits for Windows. These type of exploits are basically vulnerabilities in software which are not commonly known. Apart from the Windows issue, it seems that NSA has tried to hack into SWIFT, a popular bank network that is used to send money worldwide. The target, in this case, seems to have been a bureau of SWIFT that provides services to banks in the Middle East.
What does it all mean?
Most home users should not worry about a zero day exploit as long as they have sufficient precautions in place on their computers like anti-virus and a firewall. However, this is a worrying development for enterprise and business users.
The hacking of SWIFT also raises serious questions about the security of global banking system in general. If actors both state or non-state can gain access to banking networks such as SWIFT, the privacy of millions of transactions has been severely compromised. RT reports:
“It’s now feared that one of the world’s most secure methods of making payment orders has been irrevocably compromised with the NSA’s sophisticated arsenal of hacking tools now freely available online.”
Reaction to the hacking news
EastNets has already released a statement strongly denying that they have been compromised.
In a release on their website they say:
“The reports of an alleged hacker-compromised EastNets Service Bureau (ENSB) network is totally false and unfounded. The EastNets Network internal Security Unit has run a complete check of its servers and found no hacker compromise or any vulnerabilities.”
Engadget has quoted a Microsoft spokesperson as saying, “We are reviewing the report and will take the necessary actions to protect our customers.”
A broken model and eroded trust
It is a shame that security agencies that are charged with protecting the people are using these means to hack into financial networks and also not working with the Information Technology industry to patch vulnerabilities.
The Washington Post reported Microsoft as saying that it had never been contacted by NSA about these exploits so that it could fix it.
“Might be time to consider a standalone defensive cyber security agency like France, Germany, Japan or Korea. Current model not working.”