18 August 2017
Find out more

Swift and EastNets deny hacker claims that NSA infiltrated back door to spy on Mid East banks

18 April 2017  |  7001 views  |  0 Swift HQ

Both Swift and EastNets have denied reports that the US National Security Agency accessed a backdoor to the bank network to plant spyware and monitor data traffic from a number of Middle East banks.

The claims were made by elite hacking outfit Shadow Brokers in a blog post which railed against Donald trump's missile strikes in Syria. The Shadow Brokers crew, which security professionals believes has ties to Russia, went on to post a range of hacking tools allegedly used by the US spy agency to hack into various Microsoft systems, alongside claims that the NSA had used the highly-classified technology to infiltrate a Swift Service Bureau run by EastNets.

The EastNets Bureau connects 260 banks to the Swift messaging network, including some of the biggest financial institutions in the Middle East.

In a statement, EastNets said the published documents lacked credibility and the claims made by the hackers were "totally false and unfounded".

"The EastNets Network internal Security Unit has ran a complete check of its servers and found no hacker compromise or any vulnerabilities," the company says. "The EastNets Service Bureau runs on a separate secure network that cannot be accessed over the public networks. The photos shown on twitter, claiming compromised information, is about pages that are outdated and obsolete, generated on a low-level internal server that is retired since 2013."

Hazem Mulhim, CEO and founder EastNets, says: “While we cannot ascertain the information that has been published, we can confirm that no EastNets customer data has been compromised in any way, EastNets continues to guarantee the complete safety and security of its customers data with the highest levels of protection from its Swift certified Service burea."

Swift reiterated Mulhim's comments, saying there was "no evidence to suggest that there has ever been any unauthorised access to our network or messaging services.”

Among the documentation leaked by Shadow Brokers was a now-patched NSA road map to hacking Swift’s back-end infrastructure, which could be used by cybercriminals in the future.

In a blog post, Microsoft moved to reassure customer who had expressed concerns around the risk the Shadow Brokers disclosure potentially creates.

"Our engineers have investigated the disclosed exploits, and most of the exploits are already patched," the firm wrote.

While most fall into vulnerabilities that are already patched in Microsoft "supported products", the published list includes three back doors into older kit.

"Customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk," says Phillip Misner, Microsoft principal security manager. "Customers still running prior versions of these products are encouraged to upgrade to a supported offering."

In a closing statement, Swift says financial institutions should choose their vendor partners with care: "Customers should pay close attention (to) their own security and take security into consideration when selecting a service bureau and working with other third-party providers.”

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Swift introduces tool to help banks spot fraudulent messages

Swift introduces tool to help banks spot fraudulent messages

12 April 2017  |  7474 views  |  1 comments | 6 tweets | 18 linkedin
SOFE Berlin: Cyber security worries dominate closing debate

SOFE Berlin: Cyber security worries dominate closing debate

25 November 2016  |  18436 views  |  0 comments | 3 tweets | 9 linkedin
Swift in the firing line of new bank-targeting Trojan

Swift in the firing line of new bank-targeting Trojan

11 October 2016  |  7135 views  |  0 comments | 10 tweets | 21 linkedin
Swift to 'name and shame' banks who fail to meet security standards

Swift to 'name and shame' banks who fail to meet security standards

28 September 2016  |  7770 views  |  1 comments | 16 tweets | 22 linkedin
Swift unveils tool to help banks spot fraudulent transfers

Swift unveils tool to help banks spot fraudulent transfers

20 September 2016  |  7060 views  |  3 comments | 10 tweets | 7 linkedin
Swift presses banks on security as more hacks surface

Swift presses banks on security as more hacks surface

31 August 2016  |  8292 views  |  0 comments | 20 tweets | 30 linkedin
Swift calls in outside help to shore up cyber defences

Swift calls in outside help to shore up cyber defences

11 July 2016  |  6579 views  |  0 comments | 7 tweets | 17 linkedin
Swift's Perez-Tasso warns of defining cybersecurity moment

Swift's Perez-Tasso warns of defining cybersecurity moment

16 June 2016  |  8553 views  |  0 comments | 8 tweets | 15 linkedin
Swift to review strategy in wake of cyber attacks

Swift to review strategy in wake of cyber attacks

03 June 2016  |  12399 views  |  4 comments | 19 tweets | 24 linkedin
Symantec traces Swift attacks to North Korea

Symantec traces Swift attacks to North Korea

27 May 2016  |  7712 views  |  0 comments | 11 tweets | 9 linkedin
Swift outlines new security protocols as crisis escalates

Swift outlines new security protocols as crisis escalates

24 May 2016  |  9598 views  |  5 comments | 11 tweets | 30 linkedin
As details of third attack emerge, Swift calls on banks to report hacks

As details of third attack emerge, Swift calls on banks to report hacks

20 May 2016  |  7767 views  |  0 comments | 17 tweets | 10 linkedin
Swift warns of second victim of bank hackers

Swift warns of second victim of bank hackers

13 May 2016  |  11391 views  |  5 comments | 11 tweets | 20 linkedin
Swift confirms multiple cases of fraudulent message traffic

Swift confirms multiple cases of fraudulent message traffic

26 April 2016  |  7599 views  |  2 comments | 5 tweets | 18 linkedin
Iranian banks get green light to reconnect to Swift

Iranian banks get green light to reconnect to Swift

18 January 2016  |  5938 views  |  1 comments | 15 tweets | 4 linkedin
France calls for Swift payments data access in fight against terrorism

France calls for Swift payments data access in fight against terrorism

24 November 2015  |  7662 views  |  1 comments | 13 tweets | 12 linkedin
Nuclear agreement sees Iran return to Swift fold

Nuclear agreement sees Iran return to Swift fold

14 July 2015  |  5809 views  |  0 comments | 7 tweets | 4 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.worldpaymentsreport.comdownload the paper nowvisit www.niceactimize.com

Top topics

Most viewed Most shared
Mobile contactless spending accelerating in UKMobile contactless spending accelerating i...
7352 views comments | 21 tweets | 22 linkedin
Norwegian banks and startups form fintech clusterNorwegian banks and startups form fintech...
7231 views comments | 19 tweets | 23 linkedin
hands typing furiouslyWhy Blockchain Might Not Be The Future For...
5971 views 1 | 5 tweets | 3 linkedin
RBS to bring Silicon Valley to EdinburghRBS to bring Silicon Valley to Edinburgh
5809 views comments | 10 tweets | 7 linkedin
Apple sidelined as Beijing transit system launches payments appApple sidelined as Beijing transit system...
5796 views comments | 11 tweets | 9 linkedin

Featured job

Competitive
New York, NY - USA (some flexibility on location)

Find your next job