Possibly one of the most dangerous exploits included in the Shadow Brokers dump, this is an SMBv1 flaw that can be exploited over TCP port 445 and that targets Windows XP, 2003, Vista, 7, 8, 2008, and 2008 R2.
Shadow Brokers took the cybersecurity industry by storm on Friday by releasing a trove of hacking tools for Windows that were allegedly stolen from the National Security Agency. In January of this year, the group announced another auction for Windows exploits. This Friday's release contains more serious exploits.
The leaked tools alarmed famous US whistleblower Edward Snowden, who first uncovered the extent of the NSA's illegal spying in 2013.
In an official blog post released on Saturday, the Redmond giant confirmed that it has already patched most of the exploits and that it is completely safe to use all supported versions of Windows. Three of the NSA exploits, which Microsoft indexes as MS17-010, CVE-2017-0146, and CVE-2017-0147, have not been patched but do not work on programs that Microsoft currently supports, according to Ars Technica. Microsoft itself claims that no organization or individual aside from reporters has contacted the company in regard to the Shadow Brokers' leak.
For now, it's not exactly clear how Microsoft found out about these exploits or who tipped them off.
"Devices not on this list will not officially receive the Windows 10 Creators Update nor will they receive any future builds from our development branch that we release as part of the Windows Insider Program", Sarkar said.
If genuine, such a hack could have enabled the U.S. to covertly monitor financial transactions, researchers said.
Security researchers are now exploring the files, trying to determine the capabilities of the alleged exploits, already dubbed by Edward Snowden the NSA's "Top Secret arsenal of digital weapons".
The exploits are aimed at a number of Windows servers and Windows operating systems, including Windows 7 and Windows 8.
The files, according to computer security analysts, also showed the NSA had found and exploited numerous vulnerabilities in a range of Microsoft Windows products widely used on computers around the world.
Microsoft said the "EnglishmanDentist", "EsteemAudit", and "ExplodingCan" exploits are not reproducible on currently supported versions of Windows.
The documents released by the Shadow Brokers on Friday indicate that the NSA may have accessed the SWIFT network through service bureaus.
SWIFT, which is headquartered in Belgium, said: "We have no evidence to suggest that there has ever been any unauthorised access to our network or messaging services".
What is important to note is how the MS17-010 patch broke Microsoft's long-standing pattern of acknowledging who tipped the company off about security holes. Hickey demonstrated in a video that one of the exploits in the leak can easily trigger remote code execution on a machine running Windows Server 2008 R2 SP1.