The mysterious tragicomic hacking group The Shadow Brokers continues to dump incredibly compromising cyberweapons and internal information looted from the NSA, accompanied by Borat-compliant gibberish that reads like someone trying to make you guess whether there's a false flag in play, and if so, who is waving it.
The latest dump doesn't just include a bunch of Windows 0-days, it also includes reports of NSA attacks on the world's banks through compromises to the SWIFT payment system. These reports -- and instructions for repeating the feats described in them -- target Middle Eastern banks.
Friday's dump also contains code for hacking into banks, particularly those in the Middle East. According to this analysis by Matt Suiche, founder of Comae Technologies, Jeepflea_Market is the code name for a 2013 mission that accessed EastNets, the largest SWIFT service bureau in the Middle East. EastNets provides anti-money laundering oversight and related services for SWIFT transactions in the region. Besides specific data concerning specific servers, the archive also includes reusable tools to extract the information from Oracle databases such as a list of database users and SWIFT message queries.
"This would make a lot of sense that the NSA compromise this specific SWIFT Service Bureau for Anti-money laundering (AML) reasons in order to retrieve ties with terrorists groups," Suiche wrote. "But given the small number (120) of SWIFT Service Bureau, and how easy it looks like to compromise them (e.g. 1 IP per Bank) — How many of those Service Bureau may have been or are currently compromised?"
Suiche also found evidence that Al Quds Bank for Development and Investment, a bank in Ramallah, Palestine, was specifically targeted.
NSA-leaking Shadow Brokers just dumped its most damaging release yet [Dan Goodin/Ars Technica]