April 15, 2017 - 10:51 AMT
PanARMENIAN.Net - Hackers released documents and files on Friday, April 14 that cybersecurity experts said indicated the U.S. National Security Agency had accessed the SWIFT interbank messaging system, allowing it to monitor money flows among some Middle Eastern and Latin American banks, Reuters reports.
The release included computer code that could be adapted by criminals to break into SWIFT servers and monitor messaging activity, said Shane Shook, a cyber security consultant who has helped banks investigate breaches of their SWIFT systems.
The documents and files were released by a group calling themselves The Shadow Brokers. Some of the records bear NSA seals, but Reuters could not confirm their authenticity.
The NSA could not immediately be reached for comment.
Also published were many programs for attacking various versions of the Windows operating system, at least some of which still work, researchers said.
In a statement to Reuters, Microsoft, maker of Windows, said it had not been warned by any part of the U.S. government that such files existed or had been stolen.
"Other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers," the company said.
The absence of warning is significant because the NSA knew for months about the Shadow Brokers breach, officials previously told Reuters. Under a White House process established by former President Barack Obama's staff, companies were usually warned about dangerous flaws.
Shook said criminal hackers could use the information released on Friday to hack into banks and steal money in operations mimicking a heist last year of $81 million from the Bangladesh central bank.
"The release of these capabilities could enable fraud like we saw at Bangladesh Bank," Shook said.
The SWIFT messaging system is used by banks to transfer trillions of dollars each day. Belgium-based SWIFT downplayed the risk of attacks employing the code released by hackers on Friday.
SWIFT said it regularly releases security updates and instructs client banks on how to handle known threats.
"We mandate that all customers apply the security updates within specified times," SWIFT said in a statement.