Alleged NSA hack of Swift service bureau revives ‘back door’ debate – Information Management

Category: NSA

Reports that the National Security Agency infiltrated bank servers through a Swift service bureau highlight a recurring concern for financial institutions about the unintended consequences of U.S. government snooping.

The leaks that came out late last week from a hacking collective called Shadow Brokers indicate that the NSA exploited vulnerabilities in Microsoft Windows systems to break into servers at EastNets, a Dubai company that provides outsourced Swift connectivity to 260 financial institutions and corporations.

From there, Shadow Brokers documents suggest, the NSA was able to access computers used by some Middle Eastern bank members of Swift, the Society for Worldwide Interbank Financial Telecommunication. The NSAs goal, according to The New York Times, was to track money movements and thereby gain insight into potential terrorist groups or government officials.

The most immediate danger for U.S. banks (and any Windows user, for that matter) that the weaknesses in Microsoft code still exist, rendering every internet-connected computer running Windows open to hacking has passed. Microsoft said patches for all the vulnerabilities were issued more than a month ago, so any company that is up to date on Windows patching is safe from these.

But the U.S. governments insistence on using so-called back doors to access financial and customer information remains a concern. The same tools the NSA uses to prop open doors to such information could be used by cybercriminals and nation-states with more sinister motives. And it also raises privacy issues for companies and consumers that dont want the government watching their every move.

Governments are constantly going after different networks for espionage and national security purposes, said John Carlson, chief of staff at the Financial Services Information Sharing and Analysis Center, an industry trade group. Thats a reality we recognize.

The NSA headquarters in Fort Meade, Maryland. A financial industry cybersecurity trade group is "asking for clarification" from the agency about undisclosed software vulnerabilities it may be exploiting.The FS-ISAC, whose more than 7,000 financial services members share information with each other about cyberthreats, does not have an official position on whether the NSA should be using back doors for this type of monitoring, but Carlson noted the instabilities this kind of activity causes.

We would want the government to disclose zero days a type of vulnerability in software "so those can be fixed and mitigated, he said. Theres been dialogue in the past about governments buying up zero days so they can use them for espionage and national security purposes; that puts information at risk.

Asked if the FS-ISAC was talking to the NSA about this, Carlson said: Were asking for clarification. We havent gotten answers. (The spy agency did not respond to an email from American Banker requesting comment.)

Concerns about back doors came up last year when the FBI wanted Apple to give it a key to unlock all iPhones, ostensibly for the sole purpose of viewing the San Bernardino shooters calls. Apple refused, and the government found another way to unlock the phone.

It also arose in the financial industry two years ago when a startup software company called Symphony balked at providing regulators with a back door to the instant messages of its Wall Street clients. (They worked out an agreement through which a copy of all messages is kept by a third party.)

Traces of spyware

Shadow Brokers leaked a spreadsheet on Friday that indicates the NSA was able to access and infect with its spyware computers run by several bank clients of EastNets, including Qatar First Investment Bank, Tadhamon International Islamic Bank and Noor Islamic Bank.

Later the same day, EastNets issued a statement denying it had been hacked.

Reports of an alleged hacker-compromised EastNets Service Bureau network are totally false and unfounded, the company said in its press release. The EastNets Network internal Security Unit has ran a complete check of its servers and found no hacker compromise or any vulnerabilities.

The firm said its Swift service runs on a separate secure network that cannot be accessed over public networks.

The photos shown on Twitter, claiming compromised information, are about pages that are outdated and obsolete, generated on a low-level internal server that is retired since 2013, EastNets stated. It said it can confirm that no customer data was compromised in any way.

EastNets continues to guarantee the complete safety and security of its customers' data with the highest levels of protection from its SWIFT certified Service bureau," Hazem Mulhim, CEO and founder of EastNets, said in the statement.

The hacking tools that Shadow Brokers said the NSA used to monitor the Middle Eastern banks also appear to be outdated. The group pointed to seven vulnerabilities in Microsoft Windows software that were used to break into servers.

In a blog post early Saturday, Microsoft said those vulnerabilities had all been patched more than a month earlier. (Deviating from its normal practice, Microsoft did not disclose who found the vulnerabilities. This has led to speculation about possible collusion between the NSA and Microsoft.)

Microsoft declined to comment further. EastNets could not line up an executive by deadline.

In a statement provided midday eastern time Monday, Swift said it has "no evidence to suggest that there has ever been any unauthorised access to our network or messaging services.

Persistent vigilance

For now, the industry is watching this case closely.

Were still trying to understand the impact to the financial sector, said Carlson at the FS-ISAC.

We think the potential impact of the disclosures to this sector is relatively low but warrants attention," Carlson said. "Well be playing close attention to this.

Bankers, he said, should keep their systems up to date in the meantime.

Its very important to make sure all their systems are patched and that third-party providers patch their systems as well, Carlson said. There may be patches individual firms have not executed.

He also stressed the importance of having layered defense and redundant systems.

The biggest buzzword would be persistent vigilance, Carlson said. You have to be constantly vigilant about these kinds of threats. Adversaries will be looking to exploit any vulnerability out there and its up to firms to be constantly on guard, educating users on best way to defend the organization. Its part and parcel of our digital economy.

Penny Crosman is Editor at Large at American Banker.

Go here to see the original:
Alleged NSA hack of Swift service bureau revives 'back door' debate - Information Management

NSA: stereotyping, ethnic profiling can weaken intelligence gathering - The Nation Newspaper - April 7th, 2026 [April 7th, 2026]
Former NSA John Bolton says Pentagon would have told President Trump about Iran closing the Strait of Hormuz beforehand - indica News - April 5th, 2026 [April 5th, 2026]
Trump Thought This Would Be Easier: Former NSA John Bolton Exposes US Presidents Unprepared War Strategy - Republic World - April 5th, 2026 [April 5th, 2026]
Dog owners urged to take responsibility as NSA ramps up sheep worrying campaign - Hexham Courant - April 5th, 2026 [April 5th, 2026]
Dog owners urged to take responsibility as NSA ramps up sheep worrying campaign - The Scottish Farmer - April 5th, 2026 [April 5th, 2026]
'Dhurandhar 2 sets a new benchmark, it's going to be very difficult for anyone to match up': Former deputy NSA of India | Bollywood - Hindustan Times - April 1st, 2026 [April 1st, 2026]
Rethinking the NSA Office beyond security coordination - The Nation Newspaper - April 1st, 2026 [April 1st, 2026]
The $15 Billion Post-Quantum Migration: NIST Standards Are Final, NSA Deadlines Are Set, and Enterprise Cybersecurity Is About to Be Rebuilt from the... - April 1st, 2026 [April 1st, 2026]
NSA kicks off sheep worrying awareness week - Agriland.co.uk - April 1st, 2026 [April 1st, 2026]
Regime change only way to tackle Iran threat, says former US NSA John Bolton - CNBC TV18 - March 30th, 2026 [March 30th, 2026]
The command centre: Why Nigerias NSA must evolve beyond coordination - guardian.ng - March 30th, 2026 [March 30th, 2026]
Former NSA chiefs worry American offensive edge in cybersecurity is slipping - CyberScoop - March 28th, 2026 [March 28th, 2026]
NSA and ASDs ACSC Release Joint Guidance on LEO SATCOM System Risks and Mitigations - National Security Agency (.gov) - March 28th, 2026 [March 28th, 2026]
New NSA director pushes for more intel-sharing with allies in internal meeting - Nextgov/FCW - March 28th, 2026 [March 28th, 2026]
"Trump Is Transactional, Doesn't Think Strategically": Former US NSA - NDTV - March 28th, 2026 [March 28th, 2026]
Former NSA John Bolton urges Trump to cut Irans oil revenue after PM Modi call - The Indian EYE - March 28th, 2026 [March 28th, 2026]
$HAREHOLDER ALERT: The M&A Class Action Firm Is Investigating The MergerULY, NSA, CTRA, and FONR - WBOC TV - March 28th, 2026 [March 28th, 2026]
Rethinking the command centre: Why Nigerias NSA must evolve beyond coordination - The Sun Nigeria - March 28th, 2026 [March 28th, 2026]
Constitutional freedoms cannot be exercised at the cost of human lives: Allahabad HC upholds preventive detention order under NSA - SCC Online - March 28th, 2026 [March 28th, 2026]
Next Generation Shepherd of the Year Competition opens for NSA Scotsheep 2026 - The Scottish Farmer - March 28th, 2026 [March 28th, 2026]
NSA (NSA) explains vesting, prorated FY2026 bonus and severance in merger with Public Storage - Stock Titan - March 20th, 2026 [March 20th, 2026]
Sergio Gor meets NSA Ajit Doval discussing geopolitical issues - The Indian EYE - March 20th, 2026 [March 20th, 2026]
National Storage Investor Alert: Kahn Swick & Foti, LLC Investigates Adequacy of Price and Process in Proposed Sale of National Storage Affiliates... - March 20th, 2026 [March 20th, 2026]
Public Storage to Buy NSA: Is This a Smart Growth Move for Investors? - TradingView - March 20th, 2026 [March 20th, 2026]
Was Russia an IMMINENT THREAT to US?: Rep Scott Perry grills NSA official on Ukraine war - The Economic Times - March 20th, 2026 [March 20th, 2026]
NSA invoked against prime accused Aslam in banned meat supply case - thehitavada.com - March 20th, 2026 [March 20th, 2026]
Watch | Indian Foreign Policy Confused; Were Not as Influential as We Used to Be: Former NSA - TheWire.in - March 20th, 2026 [March 20th, 2026]
Russia Or Iran? Trumps NSA Cornered in Senate Over Military Action in Iran As War Enters 4th Week - Oneindia - March 20th, 2026 [March 20th, 2026]
Need to Evolve The Office of the NSA Beyond Coordination to National Defence Strategy Nerve Centre - THISDAYLIVE - March 20th, 2026 [March 20th, 2026]
Halper Sadeh LLC is Investigating Whether UNF, NSA, ULY, MPX are Obtaining Fair Deals for their ... - Bluefield Daily Telegraph - March 20th, 2026 [March 20th, 2026]
Organized and technological: ICE resistance groups posing growing danger, warns former top NSA, DHS official - Fox News - March 18th, 2026 [March 18th, 2026]
Declassified Report Reveals NSA Broke Surveillance Rules - Project On Government Oversight - March 18th, 2026 [March 18th, 2026]
Gen. Joshua Rudd '93 confirmed as leader of U.S. Cyber Command, NSA; elevated to rank of general - Furman University - March 18th, 2026 [March 18th, 2026]
Public Storage to Buy NSA: Is This a Smart Growth Move for Investors? - Zacks Investment Research - March 18th, 2026 [March 18th, 2026]
National Storage (NSA) Climbs to Record High on $10.5-Billion Acquisition - Yahoo Finance - March 18th, 2026 [March 18th, 2026]
Organized and technological: ICE resistance groups posing growing danger, warns former top NSA, DHS official - WFIN - March 18th, 2026 [March 18th, 2026]
SHAREHOLDER ALERT: The M&A Class Action Firm Announces An Investigation of National Storage Affiliates Trust (NYSE: NSA) - PR Newswire - March 18th, 2026 [March 18th, 2026]
National Storage Affiliates Trust (NYSE:NSA) Rating Increased to Neutral at BNP Paribas Exane - MarketBeat - March 18th, 2026 [March 18th, 2026]
Is National Storage Affiliates Trust (NSA) Share Price Misaligned With Its DCF Estimate Today - Yahoo Finance - March 9th, 2026 [March 9th, 2026]
Interview with 2026 AFI NSA Naples Spouse of the Year, Dannielle Niewald - Stripes Europe - March 9th, 2026 [March 9th, 2026]
Iranian drones strike apartments in city thats home to NSA Bahrain - Stars and Stripes - March 7th, 2026 [March 7th, 2026]
"At this point, US win is going to be pretty elusive," says former US Principal Dy NSA Jon Finer on Iran... - lokmattimes.com - March 7th, 2026 [March 7th, 2026]
"Over next 5-10 years, you are likely to see emergence of new nuclear powers": Former US NSA official Jon... - lokmattimes.com - March 7th, 2026 [March 7th, 2026]
China tends to pursue strategy of staying on good terms with everyone: Former US NSA official Finer - ANI News - March 7th, 2026 [March 7th, 2026]
NSA (NSA) Executive Chair Fischer reports new OP unit awards and LTIP conversions - Stock Titan - March 4th, 2026 [March 4th, 2026]
Cyber retaliation from Iran is a problem for U.S. companies 'It's in the hands of a 19-year-old hacker in a Telegram room,' ex-NSA operative says -... - March 4th, 2026 [March 4th, 2026]
Ajit Doval Indias Most Useless NSA Ever Says Netizens: Zero Intel on Uri, Pulwama, Galwan, Iran War & More - indiaherald.com - March 4th, 2026 [March 4th, 2026]
Sheep Village Cynefin to be launched by RWAS and NSA at the Royal Welsh Show - Shropshire Star - March 4th, 2026 [March 4th, 2026]
Wyden blocks nominee to lead NSA and Cyber Command - Federal News Network - February 27th, 2026 [February 27th, 2026]
Wyden blocks Rudd confirmation to lead Cyber Command, NSA - The Record from Recorded Future News - February 27th, 2026 [February 27th, 2026]
NSA said to have seen security concerns in Grok - breakingthenews.net - February 27th, 2026 [February 27th, 2026]
NSA: Solid Q4 Beat and Favorable 2026 Outlook, But Cost Pressures and High Expectations Justify Hold Rating - TipRanks - February 27th, 2026 [February 27th, 2026]
Videotron and Samsung Expand Partnership Through 5G NSA and 4G LTE Core Gateway Deployment - samsung.com - February 24th, 2026 [February 24th, 2026]
Videotron Taps Samsung for Cloud-Native 5G NSA and LTE Core Gateway Solution - The Fast Mode - February 24th, 2026 [February 24th, 2026]
El-Rufai Demanded to Provide Evidence in NSA Hacking Claims - streamlinefeed.co.ke - February 24th, 2026 [February 24th, 2026]
DSS to arraign El-Rufai on Feb. 25 over alleged NSA phone interception - Businessday NG - February 24th, 2026 [February 24th, 2026]
Securus Technologies Supports Expansion of Sheriff-Led NSA I.G.N.I.T.E. Initiative to Improve Jail Safety and Reentry Outcomes - PR Newswire - February 7th, 2026 [February 7th, 2026]
NSA set to deal with defiant parties, politicians, supporters on integrity of democratic process - ThePointNG - February 7th, 2026 [February 7th, 2026]
Where NSA zero trust guidance aligns with enterprise reality - Help Net Security - February 4th, 2026 [February 4th, 2026]
UNG third in Division 1 of NSA cyber event - University of North Georgia - February 4th, 2026 [February 4th, 2026]
Green Beret Lieutenant General Joshua Rudd Tapped To Lead NSA and US Cyber Command - SOFREP - February 4th, 2026 [February 4th, 2026]
SC Flags Health Concerns, Urges Rethink on Sonam Wangchuks NSA Detention - The Morning Voice - February 4th, 2026 [February 4th, 2026]
What security teams need to know about the NSA's new zero trust guidelines - IT Pro - February 4th, 2026 [February 4th, 2026]
'India won't be bullied': NSA Ajit Doval told Marco Rubio that New Delhi would wait out Trump term for trade deal: Report - theweek.in - February 4th, 2026 [February 4th, 2026]
When Protest becomes a Threat: Inside the Supreme Court hearing on Sonam Wangchuks NSA detention - SabrangIndia - February 4th, 2026 [February 4th, 2026]
If NSA Commits Database Query Violations, But Nobody Audits Them, Do They Really Happen? - emptywheel - February 4th, 2026 [February 4th, 2026]
Army general tapped to lead NSA vows to follow the law if confirmed - Military Times - February 1st, 2026 [February 1st, 2026]
Overturned tractor-trailer shuts portion of Route 32 near NSA - WBAL-TV - February 1st, 2026 [February 1st, 2026]
Nominee to lead NSA backs controversial spying law - Defense One - February 1st, 2026 [February 1st, 2026]
NSA pick champions foreign spying law as nomination advances - The Record from Recorded Future News - February 1st, 2026 [February 1st, 2026]
NSA Releases Phase One and Phase Two of the Zero Trust Implementation Guidelines - National Security Agency (.gov) - February 1st, 2026 [February 1st, 2026]
Army General Tapped to Lead NSA Said He Doesnt Know Much About the Biggest NSA Controversy - The Intercept - February 1st, 2026 [February 1st, 2026]
Trump's pick to lead the NSA vows to follow the law if confirmed - ABC News - February 1st, 2026 [February 1st, 2026]
Trump's pick to lead the NSA vows to follow the law if confirmed - Oskaloosa Herald - February 1st, 2026 [February 1st, 2026]
Trump's pick to lead the NSA vows to follow the law if confirmed - The Derrick - February 1st, 2026 [February 1st, 2026]
Overturned tractor-trailer shuts westbound Maryland Route 32 near NSA exit, police say - WBAL News Radio - February 1st, 2026 [February 1st, 2026]
SC to hear plea against Sonam Wangchuks NSA detention on February 2 - The New Indian Express - February 1st, 2026 [February 1st, 2026]
Powys sheep sector to hear from Llyr Gruffydd at NSA meeting - County Times - February 1st, 2026 [February 1st, 2026]
NSA calls for consultation on castration and tail docking to involve sheep farmers - cravenherald.co.uk - January 24th, 2026 [January 24th, 2026]
NSA launches 13th annual survey for insight into cases of sheep worrying by dogs - Yahoo News UK - January 24th, 2026 [January 24th, 2026]

April 19th, 2017

No comments yet

Comments are closed.

Mediaboss Marketing

Alleged NSA hack of Swift service bureau revives ‘back door’ debate – Information Management

About

Pages

Categories

Media Sites

Recommended Sites

Archives