New NSA leak may expose its bank spying, Windows exploits

April 16 02:55 2017

Since, by their own admission, the hacker group has not been paid by anyone to “shutup [sic] and going [sic] away”, they have released another cache of tools, this time targeted at Windows systems.

Along with the tools the group also published presentations and files purporting to detail the agency’s methods of carrying out clandestine surveillance.

The NSA, which did not respond to emails, has previously shown interest in targeting SWIFT, according to documents leaked by former intelligence contractor Edward Snowden, and Suiche said other documents in the release suggested an effort to monitor the world’s financial transactions that went beyond EastNets. Microsoft acknowledged the vulnerabilities and said they had been patched.

The newly leaked NSA files suggest that the agency may have hacked into SWIFT’s network via service bureaus, which are firms that provide smaller clients with access points to the SWIFT system.

This meant that “customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk”.

Researchers are sifting through the heaps of leaked files to determine their legitimacy and capabilities. Regarding the released materials, he indicated that banks in Bangladesh and Ramallah, Palestine, were targeted.

Microsoft declined to say how it learned of the exploits without outside help.

What makes the exploits a particularly big problem is that older versions of Windows Server remain widely used.

An SMBv3 remote code execution flaw in Windows 8 and Server 2012, which Microsoft says it patched via the same MS17-010.

And while little is known about the so-called OddJob implant, it appears to have exploits for nearly every version of Windows from Windows 2000 onward, including some server editions, some of which may still work. ‘I have been able to hack pretty much every Windows version here in my lab using this leak’. The vulnerable Windows versions ran more than 65 percent of desktop computers surfing the web last month, according to estimates from the tracking firm Net Market Share.

The revelation that none of the highly advanced exploits work against supported Microsoft products brings a measure of relief after some of the more dire warnings sounded 24 hours earlier. These so-called zero-day vulnerabilities are kept as closely guarded secrets so that analysts can carry out surveillance.

Since their emergence, they appear to have had little to no success selling their pilfered tools and instead have begun to release the actual tools they had claimed to be trying to auction off.

Microsoft said it has already patched vulnerabilities revealed in Friday’s high-profile leak of suspected U.S. National Security Agency spying tools, meaning customers should be protected if they’ve kept their software up to date.

An email to the NSA’s press office was not returned.
