After Trump took unilateral military action against the Syrian government, many of those who had voted for him lashed out, accusing the President of bowing to pressure from the Military-Industrial complex and other pro-war interest groups that – overtly and covertly – direct U.S. government policy.
Among those criticizing the President was the hacking group known as the “Shadow Brokers,” which emerged last year after claiming to have stolen extensive amounts of information from the National Security Agency’s (NSA) cyber-espionage division, known as the Equation Group.
The secretive hacking group, in a blog post published on Medium, urged Trump to remember his “base” and warned him to revert to his campaign promises. In an apparent attempt to persuade the President to do just that, the hackers released access to what NSA whistleblower Edward Snowden called the agency’s “top secret arsenal of digital weapons.”
While some had speculated, at the time, that the Shadow Brokers had released all of the information they had stolen from the NSA, the hacking collective proved them wrong earlier this week when they released a new collection of files that Ars Technica dubbed “its most damaging release yet.”
The new leaks included several NSA hacking tools for attacking Windows machines as well as so-called “zero-day” exploits, several of which make use of previously unknown flaws in Windows systems.
“It is by far the most powerful cache of exploits ever released,” Matthew Hickey, a security expert and co-founder of Hacker House, told Ars Technica. “It is very significant as it effectively puts cyber weapons in the hands of anyone who downloads it. A number of these attacks appear to be 0-day exploits which have no patch and work completely from a remote network perspective.”
While the public release of “top secret” NSA hacking tools is likely to cause concern for cyber-security experts and others, it was the Shadow Brokers’ release of bank-hacking tools that may prove to be the most damaging to the NSA’s already tarnished reputation, as that release included evidence that the NSA has compromised crucial elements of the global banking system, particularly in the Middle East.
More specifically, the leaks of the NSA’s bank-hacking tools showed that the agency had infiltrated EastNets, a Dubai-based financial firm that manages access to the SWIFT transaction system for dozens of banks and other firms throughout the Middle East as well as some banks based in the European Union. A list of hacked and targeted devices revealed that many of the banks and firms affected were based in nations such as Qatar, Dubai, Abu Dhabi, Syria, and Yemen. Al Quds Bank for Development and Investment, a Palestinian bank, was specifically singled out by the NSA.
SWIFT is a crucial service for both private and public financial firms and institutions, offering them the means to send messages to and receive messages from other such institutions in a secure manner. Without SWIFT access, nations and the businesses operating within them become unable to complete international transactions and are thus cut off from the global economy at large. While hackers have been targeting SWIFT for years in attempts to redirect millions of dollars from banks, this is the first indication that a state actor has compromised the system.
Though the NSA appears to have used its access to the SWIFT system for finance-focused espionage as opposed to altering or pilfering SWIFT transactions, the revelations are likely to cause problems for foreign relations between the U.S. and several of its Middle Eastern allies who were targeted by the NSA, specifically the United Arab Emirates and Qatar.
“A big shitstorm is to come,” Matt Suiche, founder of UAE-based incident response and forensics startup Comae Technologies, told Wired. “You can expect the leadership of key organizations like banks and governments are going to be quite irritated, and they’re going to react.”