The hacking group known as Shadow Brokers has released a number of files that shed light on the NSA's Windows-focused hacking tools. The tools appear to target Servers and PCs, as well as the SWIFT banking system.
The files have been awaited since last year when tools belonging to the NSA's Equation Group were ‘lost'. So far Shadow Brokers has been releasing the tools in batches, including ones targeting vulnerabilities in Linux.
The latest batch of Windows releases contains several top secret files, including documentation for JeepfleaMarket. The NSA allegedly used this program to collect data from at least nine banks internationally.
Among other methods, the NSA seems to have use the tool to hack EastNets, a Dubai firm that oversees SWIFT transactions. EastNets denies any knowledge of hack, stating on Twitter:
“No credibility to the online claim of a compromise of EastNets customer information on its SWIFT service bureau…”
However, evidence from Shadow Brokers seems to contradict that. The release suggests a compromise of several Middle Eastern banking systems. A list of targetted IP addresses has links to firms from Syria, Abu Dhabi, Yemen, and the Palestinian territories.
According to security researcher Matt Suiche, the IP's aren't of the business' computers, but EastNets. EastNets is one company out of hundreds that provides access to a portion of the SWIFT network.
“This is the equivalent of hacking all the banks in the region without having to hack them individually,” he says. “You have access to all their transactions.”
The NSA also exploited VPNs and Cisco firewalls to target banks, giving them “deep access” to the network.
Older Windows Versions
The majority of the cache targets Windows versions that are well past the sell-by date. Some go back to Windows XP, while others target Server 2003. However, there are also tools for Windows 7 and Windows 8.
Some of the exploits appear to be zero-day, and could be unknown to Microsoft. Security researchers are still combing through files, but believe there are over twenty different exploits. Fifteen of those are part of the NSA's automatic hacking framework, Fuzzbunch.
Matthew Hickey, founder of security firm Hacker House, states, “There are exploits here that are quite likely zero days that will let you hack into any number of servers on the internet. This is as big as it gets. It's internet God mode.”
Microsoft is currently investigating the leak. Speaking to WIRED, a spokesperson said, “We are reviewing the report and will take the necessary actions to protect our customers.”
Shadow Brokers has hinted at further NSA leaks next week.