Swift urges global banks to ‘pay close attention’ to security after hackers leak ‘NSA’ exploits
Swift, the global banking platform used to manage money transfers between over 10,000 financial institutions, is urging its users to bulk up security amid revelations the US National Security Agency (NSA) exploited vulnerabilities in Microsoft products to spy on its clients.
Last week, a hacking group known as the Shadow Brokers published a batch of explosive documents alleging the NSA accessed the Swift network by compromising third-party services in the Middle East and Latin America. The group previously released files exposing alleged NSA “cyberweapons”.
“Customers should pay close attention to their own security and take security into consideration when selecting a service bureau and working with other third party providers,” the Brussels-based organisation said in a lengthy statement on 17 April (Monday).
“Securing software and systems by immediately installing security updates, patches and software is key to protecting against exploits such as these,” it continued, adding: “Swift regularly releases security updates reinforcing our products, thereby protecting against known exploits.”
According to experts who analysed the leaked files, the Shadow Brokers publication revealed that in 2013 at least two service bureaux were targeted by US spies. One of the companies – Dubai-based EastNets – offers its users Swift connectivity and anti-money laundering services.
Nine computer servers at this official contractor were targeted by the NSA, files showed. Another leaked spreadsheet indicated that Middle-Eastern banks including the Qatar First Investment Bank, Dubai Gold and Commodities Exchange and the Kuwait Petroleum Company were of interest.
“[If] verified, it seems that the NSA sought to totally capture the backbone of international financial system to have a God’s eye into a Swift Service Bureau — and potentially the entire Swift network,” Matt Suiche, founder of cybersecurity firm Comae Technologies, wrote in a blog post.
“This is the first time to date that so much information had been published on how a Swift Service Bureau actually works and its internal infrastructure,” he added. “All of that are very valuable information (such as infrastructure map, scripts, tools etc.) for an attacker.”
In Monday’s security update, Swift said that while the information was “historic”, it was in close contact with service bureaux to “remind them of their responsibility” to inform their customers about the threat of cybercrime and to perform fresh security checks.
“The allegations suggest attackers wanted to gain unauthorised access to data at two service bureaux,” it continued, adding: “We can confirm that there is no impact on Swift’s infrastructure or data, and we have no evidence to suggest that there has been any unauthorised access.”
On Friday 14 April, Microsoft stressed the alleged NSA exploits had been fixed in a recent security update. “Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products,” said Phillip Misner, Microsoft’s security group manager.
The same day, Hazem Mulhim, chief executive of EastNets, denied his company was successfully hacked, despite screenshots indicating the opposite was true. “Reports of an alleged hacker-compromised EastNets Service Bureau (ENSB) network is totally false and unfounded,” he said.
It is the second major scandal that Swift has faced in recent years, following the well-publicised cyberattack at the Bangladesh Central Bank last year. In that case, hackers exploited the system to steal $81m. At the time, it was described as the largest known case of financial cybercrime.