Hackers' files show US security agency tracked global bank transfers

NEW YORK • Hackers have released documents and files that cyber security experts said indicated the United States National Security Agency (NSA) had accessed the Swift interbank messaging system, allowing it to monitor money flows among some Middle Eastern and Latin American banks.

The release on Friday included computer code that could be adapted by criminals to break into Swift servers and monitor messaging activity, said Mr Shane Shook, a cyber security consultant who has helped banks investigate breaches of their Swift systems.

The documents and files were released by a group calling themselves The Shadow Brokers. Some of the records bear NSA seals, but Reuters could not confirm their authenticity.

Since the early 1990s, interrupting the flow of money from Saudi Arabia, the United Arab Emirates and elsewhere to Al-Qaeda, the Taleban, and other militant groups in Afghanistan, Pakistan and other countries has been a major objective of US and allied intelligence agencies.

The NSA could not immediately be reached for comment.

Also published were many programs for attacking various versions of the Windows operating system, researchers said.

In a statement to Reuters, Microsoft, maker of Windows, said it had not been warned by any part of the US government that such files existed or had been stolen.

"Other than reporters, no individual or organisation has contacted us in relation to the material released by Shadow Brokers," the company said.

The absence of warning is significant because the NSA knew for months about the Shadow Brokers breach, officials previously told Reuters. Under a White House process established by former President Barack Obama's staff, companies were usually warned about dangerous flaws.

Mr Shook said criminal hackers could use the information released on Friday to hack into banks and steal money in operations mimicking a heist last year of US$81 million (S$113 million) from the Bangladesh central bank.

The Swift messaging system is used by banks to transfer trillions of dollars each day. Belgium-based Swift downplayed the risk of attacks employing the code released by hackers on Friday. Swift said it regularly releases security updates and instructs client banks on how to handle known threats.

"We mandate that all customers apply the security updates within specified times," Swift said in a statement, adding it had no evidence that the main network had ever been accessed without authorisation.

It was possible that the local messaging systems of some Swift client banks had been breached, Swift said, without specifically mentioning the NSA.

When cyber-thieves robbed the Bangladesh Bank last year, they compromised that bank's local Swift network to order money transfers from its account at the New York Federal Reserve.

The documents released by the Shadow Brokers on Friday indicate that the NSA may have accessed the Swift network through service bureaus. Swift service bureaus are companies that provide an access point to the Swift system for the network's smaller clients and may send or receive messages regarding money transfers on their behalf.

"If you hack the service bureau, it means that you also have access to all of their clients, all of the banks," said Mr Matt Suiche, founder of the UAE-based cyber security firm Comae Technologies, who has studied the Shadow Brokers releases.


A version of this article appeared in the print edition of The Sunday Times on April 16, 2017, with the headline 'Hackers' files show US security agency tracked global bank transfers'.