US government ‘monitored bank transfers’

Posted by BankInfo on Mon, Apr 17 2017 05:21 pm
BBC

A huge range of security weaknesses, said to be worth more than $2m (£1.6m) if sold on the black market, have been leaked online by a hacking group, reports BBC.
The tools are said to have been created by the US National Security Agency. 
Accompanying documents appear to indicate it was able to monitor money flows among some Middle East and Latin American banks.
It apparently did this by gaining access to two service bureaus of the Swift global banking system.
Such a hack could have enabled the US to covertly monitor financial transactions, researchers said.
The files were released by Shadow Brokers, a hacking group that has previously leaked malware.
If genuine, it represents perhaps the most significant exposure of the US agency's files since the Edward Snowden leaks in 2013.
On Twitter, Mr Snowden described it as the "Mother Of All Exploits" - a reference to a bomb recently used by the US military in Afghanistan.
Multiple experts have said this latest "data dump" is credible - though the institutions implicated have dismissed the claims, or refused to comment.
Swift, which is headquartered in Belgium, said: "We have no evidence to suggest that there has ever been any unauthorised access to our network or messaging services."
The BBC is not able to verify the authenticity of the files - and the NSA has not commented on the leak.
Swift was successfully targeted by hackers last year when criminals stole $81m from the Bangladeshi central bank. 
Swift is a network that allows global banks to move money around the world. 
In the Swift network, smaller banks often make use of service bureaus to handle transactions on their behalf. Documents included in the leak suggest at least one major bureau, EastNets, may have been compromised.
"If you hack the service bureau, it means that you also have access to all of their clients, all of the banks," said Matt Suiche, founder of the United Arab Emirates-based cybersecurity firm Comae Technologies, speaking to Reuters.
Headquartered in Dubai, EastNets has clients in Kuwait, Dubai, Bahrain, Jordan, Yemen and Qatar. Spreadsheets published by Shadow Brokers appeared to list banks that had been breached with "implants" - secret data-gathering software.
Cris Thomas, a security researcher with Tenable, said analysis of the leaked files suggested the US government had the capability "to monitor, if not disrupt, financial transactions to terrorists groups".
In a statement on Friday, EastNets strongly denied the claims.
"The reports of an alleged hacker-compromised EastNets Service Bureau network is totally false and unfounded," a spokesperson said.

news:independent/17-apr-2017
Posted in Banking, News

Comments