STE WILLIAMS

Tuesday review – the hot 22 stories of the week

Get yourself up to date with everything we’ve written in the last seven days – it’s weekly roundup time.

Monday 10 April 2017

Tuesday 11 April 2017

Wednesday 12 April 2017

Thursday 13 April 2017


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/YLf2u2FzM0M/

That apple.com link you clicked on? Yeah, it’s actually Russian

Click this link (don’t fret, nothing malicious). Chances are your browser displays “apple.com” in the address bar. What about this one? Goes to “epic.com,” right?

Wrong. They are in fact carefully crafted but entirely legitimate domains in non-English languages that are designed to look exactly the same as common English words. The real domains for the two above links are: xn--80ak6aa92e.com and xn--e1awd7f.com.

In quick testing by El Reg, Chrome 57 on Windows 10 and macOS 10.12, and Firefox 52 on macOS, display apple.com and epic.com rather than the actual domains. We’re told Chrome 57 and Firefox 52 are vulnerable while Safari and Internet Explorer are in the clear. Bleeding-edge Chrome 60 on macOS 10.12 was not vulnerable.

This domain disguising, which tricks people into visiting a site they think is legit but really isn’t, is called a “homograph attack” – and we were supposed to have fixed it more than a decade ago when the exact same problem was noticed with respect to the address “paypal.com.”

So what is this, how does it work, and why does it still exist?

Well, thanks to the origins of the internet in the United States, the global network’s addressing systems were only designed to handle English – or, more accurately, the classic Western keyboard and computer ASCII text.

The limitations of this approach became apparent very soon after people in other countries started using the domain name system and there was no way to represent their language.

And so a lengthy and often embarrassingly tone-deaf effort was undertaken by largely American engineers to resolve this by assigning ASCII-based codes to specific symbols. Unicode became “Punycode.”

There may be trouble ahead…

The trouble – which was first noted way back in 2001 – is that some letters in other languages like Cyrillic are different but look almost identical. You can get identical-looking versions of “a”, “B”, “c”, “i”, “l”, “O” and “p,” among others.

So by combining the codes for these other letters with non-coded letters you can appear to spell out a word like “apple,” therefore tricking people into visiting a different website from the one they think they are visiting.
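To make the mechanism concrete, here is an added Python example (not from The Register's article or from any browser vendor) that decodes the two Punycode domains quoted above and classifies them the way a defender-side URL filter or mail gateway might. It assumes Python 3.7 or later with the standard library only, and uses a small constructed table of Cyrillic letters that have ASCII twins; Unicode's full confusables data is much larger. It also shows why a mixed-script rule alone is not enough: both quoted domains are entirely Cyrillic, so they pass a mixed-script check and are only caught by asking whether every character has an ASCII lookalike.

```python
"""Defensive check for IDN homograph lookalikes (Punycode / confusable scripts)."""
import unicodedata

# Constructed subset of Cyrillic letters that render like ASCII letters.
# Unicode's confusables.txt is far larger; this is enough to show the technique.
CYRILLIC_TWINS = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u04cf": "l", "\u0458": "j",
    "\u0455": "s",
}

# Constructed sample input: the two Punycode domains named in the article,
# a plain ASCII name, a legitimate Latin-script IDN, and a mixed-script name.
SAMPLE_HOSTS = [
    "xn--80ak6aa92e.com",    # renders as "apple.com" in an affected browser
    "xn--e1awd7f.com",       # renders as "epic.com"
    "apple.com",
    "xn--mnchen-3ya.de",     # muenchen.de: single Latin script, not a lookalike
    "p\u0430ypal.com",       # Latin "paypal" with one Cyrillic "a" swapped in
]

# Ordered from harmless to most suspicious; assess() reports the worst label.
SEVERITY = ("ascii", "idn-ok", "mixed-script", "whole-script-confusable")


def decode_label(label):
    """Decode one ACE label (xn--...) to Unicode; other labels pass through.

    The raw punycode codec is used instead of the 'idna' codec so that the
    decode never silently falls back to returning the ASCII form."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def script_of(ch):
    """Script name taken from the first word of the Unicode character name,
    e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'. Digits and '-' are neutral."""
    if ch.isdigit() or ch == "-":
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def skeleton(label):
    """Map each character to its ASCII twin. Returns None if some character
    has no twin, i.e. the label cannot pass for an ASCII name."""
    out = []
    for ch in label:
        if ch.isascii():
            out.append(ch)
        elif ch in CYRILLIC_TWINS:
            out.append(CYRILLIC_TWINS[ch])
        else:
            return None
    return "".join(out)


def assess(host):
    """Classify a hostname. Returns (verdict, unicode_form, ascii_lookalike).

    'ascii'                   - no IDN labels at all
    'mixed-script'            - a label mixes scripts (what a Firefox-style
                                mixed-script restriction catches)
    'whole-script-confusable' - single non-Latin script, yet every character
                                has an ASCII twin (the apple.com case, which a
                                mixed-script rule does not catch)
    'idn-ok'                  - an IDN that does not spell an ASCII name
    ascii_lookalike is the name the host imitates, or None."""
    labels = [decode_label(part) for part in host.split(".")]
    unicode_host = ".".join(labels)
    worst = "ascii"
    twins = []
    for label in labels:
        if label.isascii():
            twins.append(label)
            continue
        scripts = {script_of(c) for c in label} - {"COMMON"}
        twin = skeleton(label)
        twins.append(twin)
        if len(scripts) > 1:
            verdict = "mixed-script"
        elif twin is not None:
            verdict = "whole-script-confusable"
        else:
            verdict = "idn-ok"
        if SEVERITY.index(verdict) > SEVERITY.index(worst):
            worst = verdict
    imitates = worst != "ascii" and all(t is not None for t in twins)
    return worst, unicode_host, ".".join(twins) if imitates else None


if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        verdict, shown, twin = assess(host)
        print(f"{host:24} -> {shown:16} {verdict:24} looks like: {twin}")
```

The same check can be applied to hostnames pulled from mail links or proxy logs; a hit on "whole-script-confusable" or "mixed-script" with a lookalike that matches a brand your users trust is a strong phishing signal, while "idn-ok" hits are ordinary internationalized names and should not be blocked.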

Needless to say, the organization in charge of overseeing the domain name system, US-based ICANN, took this seriously and put out a warning back in 2005 on what it termed “homograph attacks.” The world’s DNS overseer stated:

ICANN is concerned about the potential exacerbation of homograph domain name spoofing as IDNs [internationalized domain names] become more widespread, and is equally concerned about the implementation of countermeasures that may unnecessarily restrict the use and availability of IDNs.

And so it turned to its community of internet engineers and policy makers and opened a formal comment forum to come up with “countermeasures” and “improve public protection from abusive use of domain names.”

That was 12 years ago. What’s happened since?

Not much, it seems. The comment forum that ICANN opened received just three comments and was archived in 2006. Statements put out by internet organizations including CENTR and APTLD have long since been lost thanks to broken hyperlinks.

I can’t hear you

The internet community appears to have just wished the problem away. Unfortunately, it was still there. So five years later, in 2010, and then again in 2011, it reappeared.

This time spammers had started using the technique to get people to click on their links by providing what looked like legitimate domain names. The one that caught everyone’s attention was a Cyrillic version of “paypal.com” that was really “raural.com,” but looked the same.

The problem had grown because of ICANN’s own expansion of the IDN space. The organization was under significant pressure from governments around the world who were very happy with the speed of progress at the US-based and American-dominated organization in adding their languages to the internet’s infrastructure.

For its own self-preservation, ICANN approved a “fast track” of new IDNs, but the issue of homograph attacks appears to have been left untouched. ICANN is in a position to develop new policies that would then likely be adopted by other organizations that make up the internet eco-system – but it appears to have chosen not to bother.

Browser manufacturers have been similarly lazy:

  • Most have introduced a system for people to report phishing websites, which it then uses to provide a warning if users visit that site.
  • Firefox places some restrictions on mixing different language scripts in an effort to limit the abuse.
  • Apple and Safari have simply provided online guides for how to turn IDNs off.

However, even though some browsers responded back in 2010 by turning off IDNs as a default, it appears that at some point a browser update has set the default back to on.

Policy?

In terms of actual policy changes, the last activity we saw was a group working on “universal acceptance” at a domain name conference back in 2015 that would enable all internationalized domains to work across the internet.

That group was being given informal support from ICANN, as well as Google, but has made limited progress thanks to a lack of resources. Part of that group’s work was to figure out how to minimize the impact of phishing through IDNs.

As to what you can do to avoid being tricked by this encoding issue: the best solution, unfortunately, is to simply turn off support for IDNs in your browser.

ICANN’s webpage on the topic hasn’t been updated since September 2015. We prodded ICANN for any information on current efforts to tackle homograph attacks. A spokesperson told The Reg:

ICANN is as concerned as ever about malicious use of the DNS via phishing. We have not changed our rules for what contracted TLDs are allowed to delegate in their zones. The recently described attacks are no different than the ones ICANN has been looking at since the addition of IDNs in 2003.

In the meantime, ICANN is coming toward the end of another lengthy policy process that would allow or block the use of country codes – like “us” for the United States or “de” for Germany – in the hundreds of new top-level domains that ICANN has approved in the past few years. These have contributed hundreds of millions of dollars to the small Los Angeles-based organization.

It should be noted however that the policy only covers ASCII text – ie, the English keyboard. Fifteen years on from the first warning of homograph attacks using non-English characters, it seems that some priorities never change. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/04/18/homograph_attack_again/

6 New Security Startups Named to MACH37 Spring Cohort

The companies selected this year include technical talent that draws from Silicon Valley to Hungary and Western Europe.

The spring class of the MACH37 Cyber Accelerator has been announced, and this group of six startup companies brings in technical talent from Silicon Valley to Eastern Europe as well as new companies from Italy and France.

Sponsored by the state of Virginia’s nonprofit corporation, the Center for Innovation Technology, the six startups receive a $50,000 grant to develop and launch their ideas into tangible companies. Top officials and CEOs from the companies attend a three-month program that guides these top technical people on the mechanics of launching a security business.

Rick Gordon, managing partner at MACH37, said these six companies bring to a total of 46 the number of cybersecurity companies MACH37 has helped launch since the program started in 2013.

“What’s new this year is that we’ve had a number of entries from other places,” Gordon said. “All of them had a strong desire to come to Virginia to launch their companies. We like to think that from Howard County, Maryland, to Loudon County here in Virginia there’s more cyber talent than just about anywhere else on the planet.”

This spring’s program will conclude on June 13 with a Demo Day in which the companies will have a chance to pitch their ideas to a group of external mentors, investors and stakeholders. Dark Reading met with representatives of the six companies earlier this week. The following slideshow offers a short overview of each company’s technology and contact information. 


Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md.

Article source: http://www.darkreading.com/endpoint/6-new-security-startups-named-to-mach37-spring-cohort/d/d-id/1328636?_mc=RSS_DR_EDT

Man Admits Hacking into His Former Employer’s Network

Tennessee man pleads guilty in federal court, acknowledging he illegally accessed his former employer’s networks to gain an edge over his rival.

A Tennessee man last Friday pleaded guilty to illegally hacking into his former employer’s computer networks for nearly a two-year period and pilfering proprietary business information worth roughly $425,000, according to an announcement Friday by the Department of Justice.

Jason Needham, 45 and co-owner of HNA Engineering, admitted to illegally accessing the computer networks of his former employer Allen Hoshall, an engineering company and competitor to his firm.

During the two-year period, Needham repeatedly infiltrated Allen Hoshall’s servers to download digitally rendered engineering diagrams, as well as more than 100 project proposals and documents relating to his competitor’s budget. Needham also acknowledged he hacked into the email of a former colleague at Allen Hoshall, which provided him access to information about the company’s marketing plans, project proposals, and fee structures, as well as rotating account credentials for Allen Hoshall’s in-house document-sharing system.

Needham is scheduled for sentencing on July 14 in a Tennessee US District Court.

Read the DOJ release here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: http://www.darkreading.com/endpoint/man-admits-hacking-into-his-former-employers-network/d/d-id/1328653?_mc=RSS_DR_EDT

Why Brand Trumps Tech in C-Level Conversations

Brand reputation, not technical tools, should be the focus of the CIO’s conversations with board members about the importance of security.

CIOs have a spot at the executive table but struggle to hold security-focused conversations with people sitting around it. The problem: It’s tough to convey the importance of security before a major breach.

“Security is like life insurance,” says Larry Bonfante, founder at CIO Bench Coach. “Nobody cares about it until something has already happened.”

This “seat at the table” comes with the responsibility of knowing how to communicate with board members. Instead of explaining the nitty-gritty details of security tools, CIOs should step back to think about risk mitigation and brand reputation.

Companies can invest millions in security and attackers will still get in, Bonfante explains. Part of a CIO’s job is to evaluate the probability of an attack based on factors like geography and industry. When they know where the risk is highest, they can determine how much to invest, where to invest it, and how to explain that risk to board members.

The key is to frame risk in a certain way so leaders understand why attackers would specifically target them. If the business understands a risk, they’ll increase the budget to fight it.

Bonfante explains his argument in the context of the US Open. With 70,000 people in attendance, broad media coverage, and location in a major city, it’s easy to see why such a major event would be a “prime target.” Unfortunately, he says, many leaders wouldn’t view the situation from a similar perspective.

Brand reputation is powerful leverage in conversations about risk. CIOs should view themselves as educators and elevate the conversation about reputation, not about technology, Bonfante explains.

A CIO’s goal should not be to help business leaders understand that the latest DDoS attack happened, or how a new firewall will work, but the effects an attack could potentially have on their organization. Companies value brand reputation. In the case of the US Open, an attack could mean fewer attendees in future years, and a significant drop in profit.

“Nobody thinks it’s going to happen to them,” says Bonfante of security breaches. “Make them understand that this really does happen; that dark consequences could happen.”

Security discussions are getting easier as more major breaches are publicized, but most CIOs still face pushback from enterprise teams when voicing their concerns. Each year, they will need to remind people about the risks they face and keep concerns on their radar.

“It’s not a one-time sell,” Bonfante continues. “It’s a constant sell, it’s a constant education process, and you never get as much as you want.”

He explains how CIOs may be required to speak in terms the business will understand, but there isn’t a similar expectation for board members to learn technical terms. If they want to communicate risks to the business, CIOs are entirely responsible for shaping the conversation.

While technology shouldn’t lead these discussions, Bonfante recommends being prepared with the technical details of threats and tools — just in case.

[Larry Bonfante will be speaking about “Competencies of the new CIO” during Interop ITX, May 15-19, at the MGM Grand in Las Vegas. To learn more about his presentation, other Interop security tracks, or to register click on the live links.]

Kelly is an associate editor for InformationWeek. She most recently reported on financial tech for Insurance Technology, before which she was a staff writer for InformationWeek and InformationWeek Education. When she’s not catching up on the latest in tech, Kelly enjoys …

Article source: http://www.darkreading.com/risk/why-brand-trumps-tech-in-c-level-conversations/d/d-id/1328638?_mc=RSS_DR_EDT

The Second Coming of Managed File Transfer Has Arrived

Sometimes, a mature, embedded technology still makes the most sense, especially when it comes to data security.

There’s a lot to be excited about in technology today. Innovations in areas such as artificial intelligence, the Internet of Things, robotics, cloud computing, data analytics, and mobility are just a few of the categories that are transforming the way we do business. And yet, even as we laud the visionaries who are working on the next big thing, there’s a lot of rock-solid traditional tech taking on the day-to-day dirty work that doesn’t get much attention even though businesses rely on it. Every day I am treated to an up-close-and-personal view of that world.

As vice president of engineering for a company that develops managed file transfer (MFT) technology (as do many other vendors), I know we’re not in the most disruptive of segments, but I also know how many organizations rely on MFT. MFT is a foundational technology. Organizations use it to securely exchange data and efficiently execute the business-critical tasks that come under the thumb of today’s complex data regulations.

These days, “regulated” organizations include most companies in all industries, not just the ones we think of first, like financial services, healthcare, and retail. Any organization that collects and stores information about people qualifies to some degree, of course. Think about the kind of information a large chain store or fast-food restaurant handles every day; whether it is human resources and payroll data or customer transactions, there’s a lot at risk if those files are intercepted or compromised in some way.

There is also a growing awareness about the organizational need to protect intellectual property, especially as supply chains, distribution channels, and partner networks grow more complex. The same is true for the manufacturers that source and distribute parts and materials from all over the world, including automotive and semiconductor makers. It’s not just about protecting trade secrets; it’s about protecting critical business processes. The reliable, efficient, and secure flow of data is table stakes for businesses today.

Another industry that recognizes the need to jealously guard their product integrity is entertainment. Multimillion-dollar blockbuster movies, for example, rely on an efficient digital production chain — including production, post-production, and distribution — operating on tight deadlines. Files shot in a remote location may need to be shared in a collaborative environment with teams distributed around the world before final editing in a California studio. Every step of the journey necessitates the secure, reliable movement of large files containing highly sensitive, high-value information to protect investments and keep to schedule. There’s simply too much at stake to cut corners.

MFT might be a mature technology — but today, it’s more relevant and important than ever.

Foundational Pieces
What MFT technology does is centered on security, compliance, authentication, and integration, which are crucial in today’s innovation and technology-driven environment. These are foundational pieces for organizations that understand the risks of failure and the importance of addressing those risks proactively. Whether working to satisfy regulators or demanding studio bosses, falling short of the mark means financial and reputational damage. Neither outcome is acceptable.

This isn’t to say that only large, complex global organizations need worry about such things. There is no size limit for compliance. The Health Insurance Portability and Accountability Act, for example, applies to the private clinic with a country doctor and associated staff as much as it does for the regional hospital network operating a dozen bustling hospitals.

[Check out the two-day Dark Reading Cybersecurity Crash Course at Interop ITX, May 15-16, where Dark Reading editors and some of the industry’s top cybersecurity experts will share the latest data security trends and best practices.]

Hackers, after all, aren’t concerned about the size of their target if the objective is worthwhile. Many medical organizations fall into the small- to medium-sized business (SMB) category, but they deal with a lot of sensitive and high-value information. It can be a challenge to help SMBs recognize their risk and responsibility. Recently, the FBI issued a warning that hackers were targeting medical and dental offices still using unsecured file transfer protocol (FTP) servers to store and transfer protected health information and personally identifiable information.

We find that kind of situation often — the presence of a rogue FTP server operating in the dusty corner of a server room somewhere. It works, so no one has bothered to do anything to change it. Or maybe a change was made and a well-meaning employee “upgraded” to a consumer-grade file sharing service. Although it may have seemed like a good idea at the time, it could end up costing a lot in the long run.

There’s a reason why consumer-based file sharing and collaboration services are so popular; they’re easy to use and they work well at an attractive price point. However, when you’re dealing with important business transactions that involve sensitive information, it’s important to pick the right tool for the job. MFT excels with back-office integration, whereas consumer-based services don’t work with most process automation structures. Add in other required and MFT-enabled tasks such as process automation, deduplication, data extraction, and other transactional integrations, and you’ll find that MFT platforms can go a long way toward minimizing the element of human error — an important and overlooked part of risk-mitigation.

MFT has long been an essential element within an IT environment, but now more than ever MFT is a crucial element to managing your data securely and effectively. The age of MFT has come again.

Greg Hoffer is Vice President of Engineering at Globalscape, where he leads the product development teams responsible for the design and engineering of all of Globalscape’s products. In more than 12 years of service to the company, Greg has overseen the creation of …

Article source: http://www.darkreading.com/application-security/the-second-coming-of-managed-file-transfer-has-arrived-/a/d-id/1328612?_mc=RSS_DR_EDT

Microsoft Fixed Windows Vulns Before Shadow Brokers Dump

Microsoft reports the Windows exploits released by Shadow Brokers had already been fixed in earlier patches.

Microsoft claims it addressed Windows exploits, released last week in a Shadow Brokers dump, in patches ahead of the leak.

Last Friday the Shadow Brokers released a series of Windows exploits allegedly belonging to the National Security Agency (NSA). Months ago, the group attempted to sell a database of Windows exploits, but quit after failing to secure buyers.

Its latest dump includes code indicating the NSA may have accessed the SWIFT interbank system, which would have enabled it to spy on messaging activity among global banks. At the time of the leak, many reports suggested Windows operating systems could be vulnerable to attack.

In a blog post published April 14, Microsoft reports it looked into the exploits disclosed by Shadow Brokers and discovered most of them had already been addressed in March updates.

“Customers have expressed concerns around the risk this disclosure potentially creates,” wrote Phillip Misner of the Microsoft Security Response Center (MSRC). “Our engineers have investigated the disclosed exploits, and most of the exploits are already patched.”

The three exploits not addressed in the patch cannot be reproduced on supported systems, meaning users running Windows 7 and above, or Exchange 2010 and above, are not at risk. Those using earlier versions of either are advised to upgrade.

Microsoft has not disclosed how it became aware of the vulnerability. The company claims it was not contacted by the government with information about the exploits.

“Other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers,” it reported to Reuters.

It’s worth noting that the NSA knew about the Shadow Brokers breach for months, the report continues. As per a government process created by staff of President Barack Obama, companies have typically been warned about major vulnerabilities.

Some industry experts have stated that the proximity of the fixes and the data dump is too close to be coincidental, and have begun to speculate upon how Microsoft knew about the exploits one month before the leak. Some say the NSA may have tipped off Microsoft to the leak; others suggest Microsoft secretly paid Shadow Brokers for the vulnerabilities, reports Ars Technica.

Kelly is an associate editor for InformationWeek. She most recently reported on financial tech for Insurance Technology, before which she was a staff writer for InformationWeek and InformationWeek Education. When she’s not catching up on the latest in tech, Kelly enjoys …

Article source: http://www.darkreading.com/attacks-breaches/microsoft-fixed-windows-vulns-before-shadow-brokers-dump/d/d-id/1328643?_mc=RSS_DR_EDT

Leaked NSA point-and-pwn hack tools menace Win2k to Windows 8

Analysis The Shadow Brokers have leaked more hacking tools stolen from the NSA’s Equation Group – this time easy-to-use exploits that attempt to hijack venerable Windows systems, from Windows 2000 up to Server 2012 and Windows 7 and 8.

The toolkit puts into anyone’s hands – from moronic script kiddies to hardened crims – highly classified nation-state-level weaponry to compromise and commandeer possibly millions of systems around the world. This is the same powerful toolkit Uncle Sam uses to hack into and secretly snoop on foreign governments, telcos, banks, and other organizations.

The files range from Microsoft Windows exploits to tools for monitoring SWIFT interbank payments. Ongoing analysis of the leaked documents and executables has revealed Cisco firewalls and VPN gateways are also targets.

The Shadow Brokers tried auctioning off the stolen cyber-weapons to the highest bidder, but when that sale flopped with no buyers, the team started releasing the gear online for free anyway.

“The shadow brokers not wanting going there. Is being too bad nobody deciding to be paying the shadow brokers for just to shutup and going away,” the group said in a typically garbled blog post.

“The Shadow Brokers rather being getting drunk with McAfee on desert island with hot babes. Maybe if all suviving WWIII the shadow brokers be seeing you next week. Who knows what we having next time?”

For IT managers and normal folks, the Windows-hacking arsenal, which dates to around mid-2013, is the most worrying. It contains exploits for vulnerabilities – including at least four zero-day flaws for which no security patches yet exist – that can be used to hack into at-risk Windows systems, from Windows 2000 to Windows 8 and Server 2012. In some cases this can be done across the network or internet via SMB, RDP, IMAP, and possibly other protocols.

If you have a vulnerable machine with those services running, it is possible they can be hijacked using today’s dumped tools – if not by strangers on the ‘net then potentially by malicious employees or malware already on your network. If you’re running the latest up-to-date gear, such as Windows 10, none of this will directly affect you. We have a sneaking suspicion that Uncle Sam’s foreign espionage targets aren’t exactly the types to keep all their systems bang up to date.

The leaked archive also contains the NSA’s equivalent of the Metasploit hacking toolkit: FUZZBUNCH.

Matthew Hickey, cofounder of British security shop Hacker House, told The Register FUZZBUNCH is a very well-developed package that allows servers to be penetrated with a few strokes of the keyboard. The toolkit has modules to install a backdoor on invaded boxes to remote control the gear and romp through file systems.

“This is a nation-state toolkit available for anyone who wants to download it – anyone with a little bit of technical knowledge can download this and hack servers in two minutes,” Hickey said. “It’s as bad as you can imagine.”

He pointed out that the timing of the release – just before Easter – is also significant. With much of the Western world taking it easy on Zombie Jesus weekend, many companies will be caught short by the dumped cache of cyber-arms.

It looks as though the NSA is keeping up with its habit of amusing nomenclature. The files include an exploit dubbed ENGLISHMANSDENTIST, which appears to trigger executable code on users’ desktops via Outlook clients.

Other examples include but are not limited to:

  • ESKIMOROLL, a Kerberos exploit targeting Windows 2000, Server 2003, Server 2008 and Server 2008 R2 domain controllers.
  • EMPHASISMINE, a remote IMAP exploit for later versions of Lotus Domino.
  • ETERNALROMANCE, a remote SMB1 network file server exploit targeting Windows XP, Server 2003, Vista, Windows 7, Windows 8, Server 2008, and Server 2008 R2. This is yet another reason to stop using SMB1 – it’s old and vulnerable.
  • ETERNALBLUE, another SMB1 and SMB2 exploit. Below is a video showing ETERNALBLUE compromising a Windows 2008 R2 SP1 x64 host via FUZZBUNCH to install a remote command execution tool called DOUBLEPULSAR.
  • ETERNALCHAMPION, another SMB2 exploit.
  • ERRATICGOPHER, an SMB exploit targeting Windows XP and Server 2003.
  • ETERNALSYNERGY, a remote code execution exploit against SMB3 that potentially works against operating systems as recent as Windows Server 2012.
  • EMERALDTHREAD, an SMB exploit that drops a Stuxnet-style implant on systems.
  • ESTEEMAUDIT, a remote RDP exploit targeting Windows Server 2003 and Windows XP to install hidden spyware.
  • EXPLODINGCAN, a Microsoft IIS 6 exploit that exploits WebDAV on Server 2003 only.

Microsoft had no comment on the leaks at time of publication, but its engineers should be scrambling to fix the flaws exploited by the tools, where they can. Most of the exploited software is no longer officially supported. Given Redmond’s increasingly secretive approach to patching, we hope they’ll be more open about upcoming updates to address the NSA-exploited security holes.

SWIFT on insecurity

The second directory is labelled SWIFT but doesn’t include tools to hack the interbank payments system directly. Rather it enables the surveillance of payments that go through service bureaus used by SWIFT’s banking customers.

“SWIFT is aware of allegations surrounding the unauthorized access to data at two service bureaus,” a spokesperson for the group told The Reg.

“There is no impact on SWIFT’s infrastructure or data, however we understand that communications between these service bureaus and their customers may previously have been accessed by unauthorized third parties. We have no evidence to suggest that there has ever been any unauthorized access to our network or messaging services.”

The data appears to originate in September 2013 and details how operatives could penetrate the firewalls and monitor the transactions of the largest SWIFT Service Bureau of the Middle East, called EastNets.

The EastNets hack was dubbed JEEPFLEA_MARKET and includes PowerPoints of the company’s network architecture, passwords for the system, and thousands of compromised employee accounts from different office branches.

The attackers installed bypasses in the company’s firewalls and then worked through two management servers to set up monitoring stations on nine of its transaction servers, and presumably fed that data back to analysts.

“While we cannot ascertain the information that has been published, we can confirm that no EastNets customer data has been compromised in any way,” said Hazem Mulhim, CEO of EastNets in a statement.

“EastNets continues to guarantee the complete safety and security of its customers’ data with the highest levels of protection from its SWIFT certified Service bureau.”

A second weapon, called JEEPFLEA_POWDER, targeted an EastNets partner in Venezuela and Panama called BCG Business Computer Group. Administrator accounts were targeted using attack code dubbed SECONDATE and IRONVIPER. No data was collected at the time, according to the slides in the dump.

It’s not surprising that the NSA would be targeting banks in the Middle East – given the terrorist threat and the 14-year war the US has been fighting in the region – and its focus on Venezuela and Panama could be related to drug money or the US’ somewhat rocky relationship with both countries.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/04/14/latest_shadow_brokers_data_dump/