Both Swift and EastNets have denied reports that the US National Security Agency accessed a backdoor to the bank network to plant spyware and monitor data traffic from a number of Middle East banks. The claims were made by elite hacking outfit Shadow Brokers in a blog post which railed against Donald trump’s missile strikes in Syria.
The Shadow Brokers crew, which security professionals believes has ties to Russia, went on to post a range of hacking tools allegedly used by the US spy agency to hack into various Microsoft systems, alongside claims that the NSA had used the highly-classified technology to infiltrate a Swift Service Bureau run by EastNets.
The EastNets Bureau connects 260 banks to the Swift messaging network, including some of the biggest financial institutions in the Middle East.
In a statement, EastNets said the published documents lacked credibility and the claims made by the hackers were “totally false and unfounded”.
“The EastNets Network internal Security Unit has ran a complete check of its servers and found no hacker compromise or any vulnerabilities,” the company says. “The EastNets Service Bureau runs on a separate secure network that cannot be accessed over the public networks. The photos shown on twitter, claiming compromised information, is about pages that are outdated and obsolete, generated on a low-level internal server that is retired since 2013.”
Hazem Mulhim, CEO and founder EastNets, says: “While we cannot ascertain the information that has been published, we can confirm that no EastNets customer data has been compromised in any way, EastNets continues to guarantee the complete safety and security of its customers data with the highest levels of protection from its Swift certified Service burea.”
Swift reiterated Mulhim’s comments, saying there was “no evidence to suggest that there has ever been any unauthorised access to our network or messaging services.”
Among the documentation leaked by Shadow Brokers was a now-patched NSA road map to hacking Swift’s back-end infrastructure, which could be used by cybercriminals in the future.
In a blog post, Microsoft moved to reassure customer who had expressed concerns around the risk the Shadow Brokers disclosure potentially creates.
“Our engineers have investigated the disclosed exploits, and most of the exploits are already patched,” the firm wrote.
While most fall into vulnerabilities that are already patched in Microsoft “supported products”, the published list includes three back doors into older kit.
“Customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk,” says Phillip Misner, Microsoft principal security manager. “Customers still running prior versions of these products are encouraged to upgrade to a supported offering.”
In a closing statement, Swift says financial institutions should choose their vendor partners with care: “Customers should pay close attention (to) their own security and take security into consideration when selecting a service bureau and working with other third-party providers.”