US spy agency the NSA allegedly had the tools to hack into interbank messaging system SWIFT via third party providers, according to documents released by hacking group Shadow Brokers last Friday.
SWIFT has since said there is no evidence suggesting its core messaging services or network have been compromised after Reuters reported that the Shadow Group documents indicated that the NSA had accessed SWIFT through service providers (service bureaux) that offer access to the system in the Middle East and Latin America.
In a media FAQ, the organisation said: "SWIFT is in close contact with the service bureaux concerned to verify that they are aware of the allegations and have appropriate preventative measures in place." The Belgium-based organisation allows over 200 organisations to send messages about financial transactions to each other and sends payment orders between institutions' accounts.
The tools were linked to vulnerabilities discovered in versions of Microsoft's Windows operating system. Cybersecurity expert Matt Suiche, of Comae Technologies, detailed in a blog post that "Windows Vista/2008 is out of support since Monday [12 April], and Windows XP/2003 has been unsupported for more than [three] years. This means that security vulnerabilities found on those systems will never be corrected."
However, Microsoft said in a security update that all but three of the published exploits had already been patched. Those three, 'EnglishmanDentist', 'EsteemAudit', and 'ExplodingCan', don't work on Windows operating systems that are still in support. But Microsoft has not announced how it learned of the vulnerabilities, though it usually gives credit to those who find bugs.
SWIFT said: "The allegations suggest there may have been attempts to gain unauthorised access to data at two service bureaux. The exploits do not target SWIFT's infrastructure or data. There is no impact on SWIFT's infrastructure or data, and there is no evidence to suggest that there has been any unauthorised access to SWIFT's network or messaging services.
"Customers should pay close attention their own security and take security into consideration when selecting a service bureau and working with other third party providers."
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Apple denies NSA data-grabbing backdoors exist in iOSNews Claims made by forensic data scientist at hacking conference about iOS access flaws denied by Apple
-
Microsoft confesses to 14% global device market shareNews Firm to tackle Chromebooks with $199 HP Stream laptop
-
Leaked emails show NSA's close ties with GoogleNews NSA organised meetings with Google execs to discuss security issues, it is claimed
-
GCHQ and NSA accused of using Angry Birds and Google Maps to nab user dataNews Surveillance agencies have reportedly tried to collect personal information leaked from smartphone and tablet apps.
-
PRISM fallout could damage business, claim Google and CiscoNews BRIC revenues decline following Snowden revelations
-
NSA intercepts data from Google and Yahoo serversNews Agency said to be using unnamed telecoms providers to glean data.
-
NSA paid Google, Yahoo and Microsoft to cover PRISM compliance costs
News Firms had to cover compliance costs for Project PRISM.
-
US National Security Agency ‘enhanced’ Windows 7News The US government agency has been working with IT companies to raise the level of security in the public and private sectors.
