Files and documents released by the hacker group Shadow Brokers indicate that the NSA had exploited weaknesses in Microsoft Windows Server and Cisco’s ASA firewall.
A review of the data released by the hackers reveals details of a blueprint for how the U.S. NSA exploited weaknesses in commercially available software to gain access to the global banking system.
A hacker group going by the name of Shadow Brokers has released documents and files which indicate that the U.S. spy agency had exploited weaknesses in the SWIFT money-transfer system program, through service providers in the Middle East and Latin America.
The attacks on SWIFT by the U.S. NSA had taken place in 2013.
According to Matt Suiche, founder of the cybersecurity firm Comae Technologies, the screenshots provided by the hackers suggest that SWIFT affiliates were using unpatched Windows servers at that time.
“As soon as they bypass the firewalls, they target the machines using Microsoft exploits,” said Suiche.
“We now have all of the tools the NSA used to compromise SWIFT (via) Cisco firewalls, Windows,” disclosed Suiche.
Microsoft has acknowledged the vulnerabilities and has stated that they have been patched.
Cisco Systems Inc has previously acknowledged that its firewalls had vulnerabilities.
SWIFT had stated that it is possible that the local messaging systems of some SWIFT client banks had been breached. It did not, however, specifically name the NSA.
Since the NSA routinely tracks the money flows of terrorists, tracking the source of funds across the globe is a high-priority area, and SWIFT transfers are a natural target for intelligence agencies.
As per a PowerPoint presentation that formed part of the most recent release of the Shadow Brokers, the NSA had used a tool called BARGLEE to breach the firewall used by SWIFT’s service providers.
The slide referred to ASA firewalls.
Cisco is the only company in the world that makes ASA firewalls, as per a Cisco employee who spoke on the condition of anonymity.
ASA stands for Adaptive Security Appliance, a device that combines firewall, antivirus, intrusion prevention and virtual private network (VPN) functions.