Hundreds of megabytes worth of sophisticated hacking tools purportedly stolen from the National Security Agency became publicly available Friday, triggering security experts across the globe to sound alarms as the US government's weaponized software exploits seemingly entered the wild.
The latest dump doesn't just include a bunch of Windows 0-days, it also includes reports of NSA attacks on the world's banks through compromises to the SWIFT payment system.
The US National Security Agency has compromised users of a major global money-transfer system used by some financial institutions and banks in the Middle East and Latin America, a group of hackers says.
According to ZDNet and Hacker Fantastic on Twitter, the tools and exploits affect Windows 2000, Windows XP, Windows 7, Windows 8, as well as their server-side variants like Server 2000, 2003, 2008, 2008 R2 and 2012.
Meanwhile, EastNets Service Bureau, that provides outsourced SWIFT connectivity, on Saturday denied that its bureau was compromised and said that the reports of hack are "totally false and unfounded".
"While we cannot ascertain the information that has been published, we can confirm that no EastNets customer data has been compromised in any way", said the EastNets founder and chief executive Hazem Mulhim in a statement sent to The National.
Swift was successfully targeted by hackers past year when criminals stole $81m from the Bangladeshi central bank.
Today, an internet hacking collective called The Shadow Brokers dumped a giant pile of what they claim are NSA hacking tools that target Windows machines online.
The exploits, published by the Shadow Brokers yesterday, contained vulnerabilities in Windows computers and servers. "At this time", said the spokesperson, "other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers".
"There is no impact on SWIFT's infrastructure or data, however we understand that communications between these service bureaus and their customers may previously have been accessed by unauthorized third parties". "I don't think I have ever seen so much exploits and 0day [exploits] released at one time in my entire life", security researcher Matthew Hickey told the Intercept.
Via that entry point, the agency appears to have monitored transactions involving several banks and financial institutions in Kuwait, Dubai, Bahrain, Jordan, Yemen and Qatar.
"The NSA knew their hacking methods were stolen a year ago, but refused to tell software makers how to lock the thieves out".
The real mystery here is why the Shadow Brokers released this data.
Microsoft however notes that these exploits were only patched "on supported products" and in particular note that 3 exploits, "EnglishmanDentist", "EsteemAudit", and "ExplodingCan", could not be reproduced on "Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange" urging customers to upgrade to supported versions of the software.
The Shadow Brokers came on the scene in the summer of 2016 when they announced they had a trove of stolen NSA tools that they then put up for auction. Even NSA whistleblower Edward Snowden weighed in on the exploits, claiming that the "NSA did not warn Microsoft" about the leaked exploits. In a blog post late Friday, Microsoft listed specific updates - including one released as recently as March - that protect users against the vulnerabilities.