The latest NSA dump from the Shadow Brokers tells you how to break into banks

The mysterious tragicomic hacking group The Shadow Brokers continues to dump incredibly compromising cyberweapons and internal information looted from the NSA, accompanied by Borat-compliant gibberish that reads like someone trying to make you guess whether there's a false flag in play, and if so, who is waving it.

The latest dump doesn't just include a bunch of Windows 0-days, it also includes reports of NSA attacks on the world's banks through compromises to the SWIFT payment system. These reports -- and instructions for repeating the feats described in them -- target Middle Eastern banks.

Friday's dump also contains code for hacking into banks, particularly those in the Middle East. According to this analysis by Matt Suiche, founder of Comae Technologies, Jeepflea_Market is the code name for a 2013 mission that accessed EastNets, the largest SWIFT service bureau in the Middle East. EastNets provides anti-money laundering oversight and related services for SWIFT transactions in the region. Besides data about specific servers, the archive also includes reusable tools for extracting information from Oracle databases, such as a list of database users and SWIFT message queries.

"This would make a lot of sense that the NSA compromise this specific SWIFT Service Bureau for Anti-money laundering (AML) reasons in order to retrieve ties with terrorist groups," Suiche wrote. "But given the small number (120) of SWIFT Service Bureaus, and how easy it looks like to compromise them (e.g. 1 IP per Bank), how many of those Service Bureaus may have been or are currently compromised?"

Suiche also found evidence that Al Quds Bank for Development and Investment, a bank in Ramallah, Palestine, was specifically targeted.

NSA-leaking Shadow Brokers just dumped its most damaging release yet [Dan Goodin/Ars Technica]

Notable Replies

  1. This is convenient for solving my cashflow problems...

  2. I'm not clever enough to read Borat, let alone COBOL.

  3. I dunno I could parse it well enough when I worked the university mainframe lab desk and the business majors would come ask for debugging help even though that wasn't what we were there for. Somewhere between Pascal and FORTRAN in syntax.

  4. Is there a reason the screen capture is from a default install of Windows XP that hasn't had updates or firewall/antivirus installed?

  5. I find it is often the difference between an operating cost and a capital expense.

    Sure, the time and expense my coworkers and I spend sandboxing and protecting old-ass software may exceed what a fresh, new application install and porting of data, etc. would cost. But my salary is already factored in. The other most likely will result in third-party contractors rewriting code, drivers and the like. That's a big check someone has to write and the powers that be are not going to jump on that.
