The Five Biggest Threats Facing Bitcoin

Shadow Brokers release NSA hacking tools, but were the tools used in a series of bank robberies involving the SWIFT transfer system?

Shadow Brokers Leak Reveals The NSA's Deep Access Into SWIFT Banking Network

In August of 2016, a group calling itself the Shadow Brokers emerged with a treasure trove of purported NSA hacking tools. The group released only a small portion of its take and eventually tried unsuccessfully to auction the good stuff. When no one offered to pay, Shadow Brokers decided to give it away for free.
In an enterprise setting, however, disabling the Windows Firewall and allowing remote desktop connections is quite common. That's where these exploits were designed to work, and the Shadow Brokers data appears to reveal that the NSA used these tools against at least one eyebrow-raising target: a SWIFT bureau in the Middle East.
Following The Money
As part of the Bush administration's War on Terrorism the Terrorist Finance Tracking program was set up. Under TFTP, the U.S. gained the ability to monitor transactions carried out via SWIFT. Why target SWIFT specifically? There are upwards of 11,000 banks in 200 countries that use it, and they exchange around 15 million messages a day. If you need to keep an eye on large amounts of money moving internationally, SWIFT is the key.
•••
A leaked PowerPoint slide appears to confirm that the NSA had successfully set up backdoor monitoring on 9 banks running SWIFT Alliance Access (SAA) servers. At least three others at another SWIFT Bureau were targeted, but they had not been compromised at the time of creation of the PowerPoint presentation in 2013.
A Rundown of the Biggest Cybersecurity Incidents of 2016

Most expensive attacks: Leoni and Bangladesh Bank

Large multinational companies are the prime targets of Business Email Compromise (BEC), which is a type of online scam that usually begins with an attacker compromising a legitimate email account and tricking the company’s financial officer to wire funds to their accounts. Typically the companies that fall victim to these scams deal with foreign suppliers and habitually use wire transfer payments. Victims of BEC scams have increased 270% since the start of 2015, and this year saw one of the largest amounts lost by an enterprise.

Biggest attack vector in finance: SWIFT

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a global transaction messaging network used by banks and other financial entities such as foreign exchanges and investment firms. Unfortunately, this year saw attackers targeting SWIFT clients, compromising and manipulating organizations into sending fraudulent money transfer requests. It’s unclear how many of these attacks were actually successful, but in June, SWIFT sent its clients a letter warning them about the possible dangers. The organization also urged clients to update their software and tighten their cyber defenses.
Shadow Brokers Dump Alleged Windows Exploits and NSA Presentations on Targeting Banks
The post includes a link to a selection of files and folders. One sub-folder called "exploits" includes executable files with apparent codenames such as "Eternalsynergy," "Erraticgopher," and "Emeraldthread."
•••
"This is phenomenal data, it has all the hallmarks of slickly produced internal attack tools," Hacker Fantastic continued. "I am certain that analysis on this data will turn up another 0day [zero day]."
Security architect Kevin Beaumont told Motherboard in a Twitter direct message, "All of the Windows implants are new to VirusTotal [an online file scanning tool], which suggests they've not been seen before."
Targets of NSA hacking operations may also be able to determine whether they were compromised thanks to these new files. Cybersecurity company Symantec recently did something similar but with details of alleged CIA hacking tools released by Wikileaks.
Another section of the [dump](https://gist.github.com/misterch0c/08829bc65b208609d455a9f4aeaa2a6c) includes several alleged presentations marked "TOP SECRET" concerning "JEEPFLEA_MARKET." According to a previous analysis by Electrospaces.net, which searches through previously released government documents including the Snowden files for additional clues, Jeepflea is a hacking project from Tailored Access Operations (TAO), the NSA's elite hacking unit.
NSA's powerful Windows hacking tools leaked online
Shadow Brokers leak NSA documents that may reveal operation aimed at Middle Eastern banks
So here are the dots not being connected...
In 2016 Shadow Brokers placed a trove of NSA hacking tools up for sale last year. On 08.17.16 Wired reported that stolen NSA exploit tools were being held hostage for a Bitcoin payout. When no one came up with the ransom, the Shadow Brokers began selling the apps individually for prices that range from 1 to 1000 Bitcoins.
This is only half the story, because prior to the release of the information in August 2016, maybe as far back as several years, a series of attacks and robberies through the SWIFT system occurred.
Swift Hack Probe Expands to Up to a Dozen Banks Beyond Bangladesh
That Insane, $81M Bangladesh Bank Heist? Here’s What We Know 05.17.16 - 7:00 am
Once Again, Thieves Enter Swift Financial Network and Steal
New details about a second attack involving Swift — the messaging system used by thousands of banks and companies to move money around the world — are emerging as investigators are still trying to solve the $81 million heist from the central bank of Bangladesh in February. In that theft, the attackers were able to compel the Federal Reserve Bank of New York to move money to accounts in the Philippines.
The second attack involves a commercial bank, which Swift declined to identify. But in a letter Swift plans to share with its users on Friday, the messaging network warned that the two attacks bore numerous similarities and were very likely part of a “wider and highly adaptive campaign targeting banks.”
FOURTH bank hit by SWIFT hackers
Evidence is emerging that the SWIFT (Society for Worldwide Interbank Financial Telecom) attacks began as far back as October 2015 when the Philippines bank was first hit, two months prior to the discovery of the failed attack on Tien Phong Bank in Vietnam.
There are many more articles beyond these, but what it looks like is the Shadow Brokers or some associated individuals pulled off a series of bank heists prior to releasing the applications to the open market. That also opens the question of what the NSA was doing with the applications. They could have been tracking "suspects", but it seems they could have also been moving money for any reason they chose without records being left in the banking system. The possible exploits were only exposed after a series of bank robberies exposed the power of the tools the NSA had developed.
It seems once again crimes have exposed the government's illicit powers concealed by the intelligence community (IC). It is entirely possible that the tools were used legally and only to expose private records of terrorists and spies under FISA warrants, but who knows. The only thing that exposed these exploits was the theft. Kinda makes ya wonder, huh?
The evidence and the different styles of hacking listed in the articles about the bank heists suggest that an initial group stole some NSA hacking tools and pulled off the Bangladesh heist. They may or may not have done Ecuador or the Philippines, but it seems that at some point the exploits were sold on the open market, but that does not exclude some clandestine deals with other groups that also have employed the exploits. Once the initial 81 million was stolen they distributed the exploits to other groups who may have also attacked the SWIFT system and other targets to make forensics on nation state level zero day attacks that much more difficult. Several groups attempting independent attacks increased the attack vectors, making identification even more difficult. It also appears that the hackers may have targeted banks that had the Trojans installed initially. So why would they go for relatively small scores when they essentially owned the SWIFT system? Could the hackers be attacking networks already infected with the Trojan?
It really makes sense when you think about the banks they hit. The NSA installs the Trojans to "observe" suspected transactions. The hackers obtained the exploits, found the Trojans phoning home, used them to own the infected systems, and modified the attack vectors to transfer money. Why not skip the phishing attack when there were already infected banks? Take the path of least resistance that leads back to someone the American government would never admit lead away from the hackers.
Of course that means anyone including the IC could have manipulated transactions, but hey, that wouldn't have been a robbery, would it? Really the tools could have been used to track transactions, but they could have facilitated the IC's surreptitious movement of money to fund operations.
In all reality it was very clever: make a score, don't get greedy, prevent the creation of an M.O. to narrow investigations and identify the perpetrators. But identifying clever when they managed to steal exploits from the NSA and could use the exploits to attack the banking system. Just the fact that they can't be identified means they are pretty slick and the exploits are not for the novice user. There were some skills at work here.
What else was done with the exploits and who are they?
Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits Saturday, April 08, 2017
Besides dumping some of the NSA's hacking tools back in August 2016, the Shadow Brokers also released an encrypted cache of files containing more of the NSA's hacking tools and exploits in an auction, asking for 1 Million Bitcoins (around $568 Million). However, after the failed auction, the group put up those hacking tools and exploits for direct sale on an underground website, categorizing them into a type — like "exploits," "Trojans," and "implant" — each of which ranged from 1 to 100 Bitcoins (from $780 to $78,000). Now, the Shadow Brokers has finally released the password for the encrypted cache of the NSA's files, allowing anyone to unlock and download the auction data dump.

CrDj”(;Va.*[email protected])#>deB7mN

THE SHADOW BROKERS MESS IS WHAT HAPPENS WHEN THE NSA HOARDS ZERO-DAYS AUTHOR: ANDY GREENBERG 08.17.16. - 8:34 PM
Everything you need to know about the NSA hack - but were afraid to Google
Shadow Brokers leak systems hacked by NSA – mostly mail and uni servers in India, China
New leak suggests NSA penetrated Mideast banking networks By RAPHAEL SATTER

Sunday April 16, 2017
CoincidenceTheorist
-23-
submitted by J_Dillinger to WikiLeaks


Shadow Brokers release NSA hacking tools, but were the tools used in a series of bank robberies involving the SWIFT transfer system?

Shadow Brokers Leak Reveals The NSA's Deep Access Into SWIFT Banking Network

In August of 2016, a group calling itself the Shadow Brokers emerged with a treasure trove of purported NSA hacking tools. The group released only a small portion of its take and eventually tried unsuccessfully to auction the good stuff. When no one offered to pay, Shadow Brokers decided to give it away for free.
In an enterprise setting, however, disabling the Windows Firewall and allowing remote desktop connections is quite common. That's where these exploits were designed to work, and the Shadow Brokers data appears to reveal that the NSA used these tools against at least one eyebrow-raising target: a SWIFT bureau in the Middle East.
Following The Money
As part of the Bush administration's War on Terrorism the Terrorist Finance Tracking program was set up. Under TFTP, the U.S. gained the ability to monitor transactions carried out via SWIFT. Why target SWIFT specifically? There are upwards of 11,000 banks in 200 countries that use it, and they exchange around 15 million messages a day. If you need to keep an eye on large amounts of money moving internationally, SWIFT is the key.
•••
A leaked PowerPoint slide appears to confirm that the NSA had successfully set up backdoor monitoring on 9 banks running SWIFT Alliance Access (SAA) servers. At least three others at another SWIFT Bureau were targeted, but they had not been compromised at the time of creation of the PowerPoint presentation in 2013.
A Rundown of the Biggest Cybersecurity Incidents of 2016

Most expensive attacks: Leoni and Bangladesh Bank

Large multinational companies are the prime targets of Business Email Compromise (BEC), which is a type of online scam that usually begins with an attacker compromising a legitimate email account and tricking the company’s financial officer to wire funds to their accounts. Typically the companies that fall victim to these scams deal with foreign suppliers and habitually use wire transfer payments. Victims of BEC scams have increased 270% since the start of 2015, and this year saw one of the largest amounts lost by an enterprise. Read more

Biggest attack vector in finance: SWIFT

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a global transaction messaging network used by banks and other financial entities such as foreign exchanges and investment firms. Unfortunately, this year saw attackers targeting SWIFT clients, compromising and manipulating organizations into sending fraudulent money transfer requests. It’s unclear how many of these attacks were actually successful, but in June, SWIFT sent its clients a letter warning them about the possible dangers. The organization also urged clients to update their software and tighten their cyber defenses.
Shadow Brokers Dump Alleged Windows Exploits and NSA Presentations on Targeting Banks
The post includes a link to a selection of files and folders. One sub-folder called "exploits" includes executable files with apparent codenames such as "Eternalsynergy," "Erraticgopher," and "Emeraldthread."
•••
"This is phenomenal data, it has all the hallmarks of slickly produced internal attack tools," Hacker Fantastic continued. "I am certain that analysis on this data will turn up another 0day [zero day]."
Security architect Kevin Beaumont told Motherboard in a Twitter direct message, "All of the Windows implants are new to VirusTotal [an online file scanning tool], which suggests they've not been seen before."
Targets of NSA hacking operations may also be able to determine whether they were compromised thanks to these new files. Cybersecurity company Symantec recently did something similar but with details of alleged CIA hacking tools released by Wikileaks.
Another section of the [dump]( (https://gist.github.com/misterch0c/08829bc65b208609d455a9f4aeaa2a6c) includes several alleged presentations marked "TOP SECRET" concerning "[JEEPFLEA_MARKET](
)." According to a previous analysis by Electrospaces.net, which searches through previously released government documents including the Snowden files for additional clues, Jeepflea is a hacking project from Tailored Access Operations (TAO), the NSA's elite hacking unit.
NSA's powerful Windows hacking tools leaked online
Shadow Brokers leak NSA documents that may reveal operation aimed at Middle Eastern banks
So here are the dots not being connected...
In 2016 Shadow Brokers placed a trove of NSA hacking tools up for sale last year. On 08.17.16 wired reported that that stolen NSA exploit tools were being held hostage for a Bit Coin pay out. When no one came up with the ransom the Shadow Brokers began selling the apps individually for prices that range from 1 to 1000 Bit Coins.
This is only half the story because prior to the release of the information in August 2016 maybe as far back as several years a series of attacks and robberies through the SWIFT system occurred.
Swift Hack Probe Expands to Up to a Dozen Banks Beyond Bangladesh
That Insane, $81M Bangladesh Bank Heist? Here’s What We Know 05.17.16 - 7:00 am
Once Again, Thieves Enter Swift Financial Network and Steal
New details about a second attack involving Swift — the messaging system used by thousands of banks and companies to move money around the world — are emerging as investigators are still trying to solve the $81 million heist from the central bank of Bangladesh in February. In that theft, the attackers were able to compel the Federal Reserve Bank of New York to move money to accounts in the Philippines.
The second attack involves a commercial bank, which Swift declined to identify. But in a letter Swift plans to share with its users on Friday, the messaging network warned that the two attacks bore numerous similarities and were very likely part of a “wider and highly adaptive campaign targeting banks.”
FOURTH bank hit by SWIFT hackers
Evidence is emerging that the SWIFT (Society for Worldwide Interbank Financial Telecom) attacks began as far back as October 2015 when the Philippines bank was first hit, two months prior to the discovery of the failed attack on Tien Phong Bank in Vietnam.
There are many more articles beyond these, but what it looks like is the Shadow Brokers or some associated individuals pulled off a series of bank heists prior to releasing the applications to the open market. That also open the question of what the NSA was doing with the applications? They could have have been tracking "suspects" but it seems they could have also been moving money for any reason they chose without records being left in the banking system. The possible exploits were only exposed after a series of bank robberies exposed the power of the tools the NSA had developed.
It seems once again crimes have exposed the government's illicit powers concealed by the intelligence community (IC). It is entirely possible that the tools were used legally and only to expose private records of terrorists and spies under FISA warrants, but who knows. The only thing that exposed these exploits was the theft. Kinda makes ya wonder, huh?
The evidence and the different styles of hacking listed in the articles about the bank heists suggests that an initial group stole some NSA hacking tools and pulled off the Bangladesh heist. They may or may not have done Ecuador or the Philippines but it seems that at some point the exploits were sold on the open market, but that does not exclude some clandestine deals with other groups that also have employed the exploits. Once the initial 81 million was stolen they distributed the exploits to other groups who may have also attacked the SWIFT system and other targets to make forensics on nation state level zero day attacks that much more difficult. Several groups attempting independent attacks increased the attack vectors making identification even more difficult. It also appears that the hackers may have targeted banks that had the Trojans installed initially. So why would they go for relatively small scores when they essentially owned the SWIFT system. Could the hackers be attacking networks already infected with the Trojan.
It really makes sense when you think about the banks they hit. The NSA installs the Trojans to "observe" suspected transactions. The hackers obtain the exploits, found the Trojans phoning home and used them to own the infected systems, modified the attack vectors to transfer money. Why not skip the phishing attack when there was already infected banks. Take the path of least resistance that leads back to someone the American government would never admit lead away from the hackers.
Of course that means anyone including the IC could have manipulated transactions, but hey that wouldn't have been a robbery would it. Really the tools could have been used to track transactions, but they could have facilitated the IC surreptitious movement of money to fund operations.
In all reality it was very clever, make a score, don't get greedy, prevent the creation of a M.O. to narrow investigations and identify the perpetrators. But identifying clever when they managed to steal exploits from the NSA and could use the exploits to attack the banking system. Just the fact that they can't be identified means they are pretty slick and the exploits are not for the novice user. There were some skills at work here.
What else was done with the exploits and who are they?
Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits Saturday, April 08, 2017
Besides dumping some NSA's hacking tools back in August 2016, the Shadow Brokers also released an encrypted cache of files containing more NSA's hacking tools and exploits in an auction, asking for 1 Million Bitcoins (around $568 Million). However, after failed auction, the group put up those hacking tools and exploits for direct sale on an underground website, categorizing them into a type — like "exploits," "Trojans," and "implant" — each of which ranged from 1 to 100 Bitcoins (from $780 to $78,000). Now, the Shadow Brokers has finally released password for the encrypted cache of NSA's files, allowing anyone to unlock and download the auction data dump.

THE SHADOW BROKERS MESS IS WHAT HAPPENS WHEN THE NSA HOARDS ZERO-DAYS AUTHOR: ANDY GREENBERG 08.17.16. - 8:34 PM
Everything you need to know about the NSA hack - but were afraid to Google
Shadow Brokers leak systems hacked by NSA – mostly mail and uni servers in India, China
New leak suggests NSA penetrated Mideast banking networks By RAPHAEL SATTER

Sunday April 16, 2017
CoincidenceTheorist
-23-
submitted by J_Dillinger to TruthLeaks

Shadow Brokers release NSA hacking tools, but were the tools used in a series of bank robberies involving the SWIFT transfer system?

Shadow Brokers Leak Reveals The NSA's Deep Access Into SWIFT Banking Network

In August of 2016, a group calling itself the Shadow Brokers emerged with a treasure trove of purported NSA hacking tools. The group released only a small portion of its take and eventually tried unsuccessfully to auction the good stuff. When no one offered to pay, Shadow Brokers decided to give it away for free.
In an enterprise setting, however, disabling the Windows Firewall and allowing remote desktop connections is quite common. That's where these exploits were designed to work, and the Shadow Brokers data appears to reveal that the NSA used these tools against at least one eyebrow-raising target: a SWIFT bureau in the Middle East.
Following The Money
As part of the Bush administration's War on Terrorism the Terrorist Finance Tracking program was set up. Under TFTP, the U.S. gained the ability to monitor transactions carried out via SWIFT. Why target SWIFT specifically? There are upwards of 11,000 banks in 200 countries that use it, and they exchange around 15 million messages a day. If you need to keep an eye on large amounts of money moving internationally, SWIFT is the key.
•••
A leaked PowerPoint slide appears to confirm that the NSA had successfully set up backdoor monitoring on 9 banks running SWIFT Alliance Access (SAA) servers. At least three others at another SWIFT Bureau were targeted, but they had not been compromised at the time of creation of the PowerPoint presentation in 2013.
A Rundown of the Biggest Cybersecurity Incidents of 2016

Most expensive attacks: Leoni and Bangladesh Bank

Large multinational companies are the prime targets of Business Email Compromise (BEC), which is a type of online scam that usually begins with an attacker compromising a legitimate email account and tricking the company’s financial officer to wire funds to their accounts. Typically the companies that fall victim to these scams deal with foreign suppliers and habitually use wire transfer payments. Victims of BEC scams have increased 270% since the start of 2015, and this year saw one of the largest amounts lost by an enterprise.

Biggest attack vector in finance: SWIFT

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a global transaction messaging network used by banks and other financial entities such as foreign exchanges and investment firms. Unfortunately, this year saw attackers targeting SWIFT clients, compromising and manipulating organizations into sending fraudulent money transfer requests. It’s unclear how many of these attacks were actually successful, but in June, SWIFT sent its clients a letter warning them about the possible dangers. The organization also urged clients to update their software and tighten their cyber defenses.
Shadow Brokers Dump Alleged Windows Exploits and NSA Presentations on Targeting Banks
The post includes a link to a selection of files and folders. One sub-folder called "exploits" includes executable files with apparent codenames such as "Eternalsynergy," "Erraticgopher," and "Emeraldthread."
•••
"This is phenomenal data, it has all the hallmarks of slickly produced internal attack tools," Hacker Fantastic continued. "I am certain that analysis on this data will turn up another 0day [zero day]."
Security architect Kevin Beaumont told Motherboard in a Twitter direct message, "All of the Windows implants are new to VirusTotal [an online file scanning tool], which suggests they've not been seen before."
Targets of NSA hacking operations may also be able to determine whether they were compromised thanks to these new files. Cybersecurity company Symantec recently did something similar but with details of alleged CIA hacking tools released by Wikileaks.
Another section of the [dump](https://gist.github.com/misterch0c/08829bc65b208609d455a9f4aeaa2a6c) includes several alleged presentations marked "TOP SECRET" concerning "JEEPFLEA_MARKET." According to a previous analysis by Electrospaces.net, which searches through previously released government documents including the Snowden files for additional clues, Jeepflea is a hacking project from Tailored Access Operations (TAO), the NSA's elite hacking unit.
NSA's powerful Windows hacking tools leaked online
Shadow Brokers leak NSA documents that may reveal operation aimed at Middle Eastern banks
So here are the dots not being connected...
In 2016 Shadow Brokers placed a trove of NSA hacking tools up for sale last year. On 08.17.16 Wired reported that stolen NSA exploit tools were being held hostage for a Bitcoin payout. When no one came up with the ransom, the Shadow Brokers began selling the apps individually for prices that range from 1 to 1000 Bitcoins.
This is only half the story, because prior to the release of the information in August 2016, maybe as far back as several years, a series of attacks and robberies through the SWIFT system occurred.
Swift Hack Probe Expands to Up to a Dozen Banks Beyond Bangladesh
That Insane, $81M Bangladesh Bank Heist? Here’s What We Know 05.17.16 - 7:00 am
Once Again, Thieves Enter Swift Financial Network and Steal
New details about a second attack involving Swift — the messaging system used by thousands of banks and companies to move money around the world — are emerging as investigators are still trying to solve the $81 million heist from the central bank of Bangladesh in February. In that theft, the attackers were able to compel the Federal Reserve Bank of New York to move money to accounts in the Philippines.
The second attack involves a commercial bank, which Swift declined to identify. But in a letter Swift plans to share with its users on Friday, the messaging network warned that the two attacks bore numerous similarities and were very likely part of a “wider and highly adaptive campaign targeting banks.”
FOURTH bank hit by SWIFT hackers
Evidence is emerging that the SWIFT (Society for Worldwide Interbank Financial Telecom) attacks began as far back as October 2015 when the Philippines bank was first hit, two months prior to the discovery of the failed attack on Tien Phong Bank in Vietnam.
There are many more articles beyond these, but what it looks like is the Shadow Brokers or some associated individuals pulled off a series of bank heists prior to releasing the applications to the open market. That also opens the question of what the NSA was doing with the applications. They could have been tracking "suspects" but it seems they could have also been moving money for any reason they chose without records being left in the banking system. The possible exploits were only exposed after a series of bank robberies exposed the power of the tools the NSA had developed.
It seems once again crimes have exposed the government's illicit powers concealed by the intelligence community (IC). It is entirely possible that the tools were used legally and only to expose private records of terrorists and spies under FISA warrants, but who knows. The only thing that exposed these exploits was the theft. Kinda makes ya wonder, huh?
The evidence and the different styles of hacking listed in the articles about the bank heists suggest that an initial group stole some NSA hacking tools and pulled off the Bangladesh heist. They may or may not have done Ecuador or the Philippines, but it seems that at some point the exploits were sold on the open market, but that does not exclude some clandestine deals with other groups that also have employed the exploits. Once the initial 81 million was stolen they distributed the exploits to other groups who may have also attacked the SWIFT system and other targets to make forensics on nation-state-level zero-day attacks that much more difficult. Several groups attempting independent attacks increased the attack vectors, making identification even more difficult. It also appears that the hackers may have targeted banks that had the Trojans installed initially. So why would they go for relatively small scores when they essentially owned the SWIFT system? Could the hackers be attacking networks already infected with the Trojan?
It really makes sense when you think about the banks they hit. The NSA installs the Trojans to "observe" suspected transactions. The hackers obtained the exploits, found the Trojans phoning home, used them to own the infected systems, and modified the attack vectors to transfer money. Why not skip the phishing attack when there were already infected banks? Take the path of least resistance that leads back to someone the American government would never admit to and that leads away from the hackers.
Of course that means anyone, including the IC, could have manipulated transactions, but hey, that wouldn't have been a robbery, would it? Really, the tools could have been used to track transactions, but they could have facilitated the IC's surreptitious movement of money to fund operations.
In all reality it was very clever: make a score, don't get greedy, prevent the creation of an M.O. to narrow investigations and identify the perpetrators. But identifying clever when they managed to steal exploits from the NSA and could use the exploits to attack the banking system. Just the fact that they can't be identified means they are pretty slick and the exploits are not for the novice user. There were some skills at work here.
What else was done with the exploits and who are they?
Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits Saturday, April 08, 2017
Besides dumping some of the NSA's hacking tools back in August 2016, the Shadow Brokers also released an encrypted cache of files containing more of the NSA's hacking tools and exploits in an auction, asking for 1 Million Bitcoins (around $568 Million). However, after the failed auction, the group put up those hacking tools and exploits for direct sale on an underground website, categorizing them into a type — like "exploits," "Trojans," and "implant" — each of which ranged from 1 to 100 Bitcoins (from $780 to $78,000). Now, the Shadow Brokers has finally released the password for the encrypted cache of NSA's files, allowing anyone to unlock and download the auction data dump.

THE SHADOW BROKERS MESS IS WHAT HAPPENS WHEN THE NSA HOARDS ZERO-DAYS AUTHOR: ANDY GREENBERG 08.17.16. - 8:34 PM
Everything you need to know about the NSA hack - but were afraid to Google
Shadow Brokers leak systems hacked by NSA – mostly mail and uni servers in India, China
New leak suggests NSA penetrated Mideast banking networks By RAPHAEL SATTER

Sunday April 16, 2017
CoincidenceTheorist
-23-
submitted by J_Dillinger to conspiracy

Shadow Brokers release NSA hacking tools, but were the tools used in a series of bank robberies involving the SWIFT transfer system?

Shadow Brokers Leak Reveals The NSA's Deep Access Into SWIFT Banking Network

In August of 2016, a group calling itself the Shadow Brokers emerged with a treasure trove of purported NSA hacking tools. The group released only a small portion of its take and eventually tried unsuccessfully to auction the good stuff. When no one offered to pay, Shadow Brokers decided to give it away for free.
In an enterprise setting, however, disabling the Windows Firewall and allowing remote desktop connections is quite common. That's where these exploits were designed to work, and the Shadow Brokers data appears to reveal that the NSA used these tools against at least one eyebrow-raising target: a SWIFT bureau in the Middle East.
Following The Money
As part of the Bush administration's War on Terrorism the Terrorist Finance Tracking program was set up. Under TFTP, the U.S. gained the ability to monitor transactions carried out via SWIFT. Why target SWIFT specifically? There are upwards of 11,000 banks in 200 countries that use it, and they exchange around 15 million messages a day. If you need to keep an eye on large amounts of money moving internationally, SWIFT is the key.
•••
A leaked PowerPoint slide appears to confirm that the NSA had successfully set up backdoor monitoring on 9 banks running SWIFT Alliance Access (SAA) servers. At least three others at another SWIFT Bureau were targeted, but they had not been compromised at the time of creation of the PowerPoint presentation in 2013.
A Rundown of the Biggest Cybersecurity Incidents of 2016

Most expensive attacks: Leoni and Bangladesh Bank

Large multinational companies are the prime targets of Business Email Compromise (BEC), which is a type of online scam that usually begins with an attacker compromising a legitimate email account and tricking the company’s financial officer to wire funds to their accounts. Typically the companies that fall victim to these scams deal with foreign suppliers and habitually use wire transfer payments. Victims of BEC scams have increased 270% since the start of 2015, and this year saw one of the largest amounts lost by an enterprise. Read more

Biggest attack vector in finance: SWIFT

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a global transaction messaging network used by banks and other financial entities such as foreign exchanges and investment firms. Unfortunately, this year saw attackers targeting SWIFT clients, compromising and manipulating organizations into sending fraudulent money transfer requests. It’s unclear how many of these attacks were actually successful, but in June, SWIFT sent its clients a letter warning them about the possible dangers. The organization also urged clients to update their software and tighten their cyber defenses.
Shadow Brokers Dump Alleged Windows Exploits and NSA Presentations on Targeting Banks
The post includes a link to a selection of files and folders. One sub-folder called "exploits" includes executable files with apparent codenames such as "Eternalsynergy," "Erraticgopher," and "Emeraldthread."
•••
"This is phenomenal data, it has all the hallmarks of slickly produced internal attack tools," Hacker Fantastic continued. "I am certain that analysis on this data will turn up another 0day [zero day]."
Security architect Kevin Beaumont told Motherboard in a Twitter direct message, "All of the Windows implants are new to VirusTotal [an online file scanning tool], which suggests they've not been seen before."
Targets of NSA hacking operations may also be able to determine whether they were compromised thanks to these new files. Cybersecurity company Symantec recently did something similar but with details of alleged CIA hacking tools released by Wikileaks.
Another section of the [dump]( (https://gist.github.com/misterch0c/08829bc65b208609d455a9f4aeaa2a6c) includes several alleged presentations marked "TOP SECRET" concerning "[JEEPFLEA_MARKET](
)." According to a previous analysis by Electrospaces.net, which searches through previously released government documents including the Snowden files for additional clues, Jeepflea is a hacking project from Tailored Access Operations (TAO), the NSA's elite hacking unit.
NSA's powerful Windows hacking tools leaked online
Shadow Brokers leak NSA documents that may reveal operation aimed at Middle Eastern banks
So here are the dots not being connected...
In 2016 Shadow Brokers placed a trove of NSA hacking tools up for sale last year. On 08.17.16 wired reported that that stolen NSA exploit tools were being held hostage for a Bit Coin pay out. When no one came up with the ransom the Shadow Brokers began selling the apps individually for prices that range from 1 to 1000 Bit Coins.
This is only half the story because prior to the release of the information in August 2016 maybe as far back as several years a series of attacks and robberies through the SWIFT system occurred.
Swift Hack Probe Expands to Up to a Dozen Banks Beyond Bangladesh
That Insane, $81M Bangladesh Bank Heist? Here’s What We Know 05.17.16 - 7:00 am
Once Again, Thieves Enter Swift Financial Network and Steal
New details about a second attack involving Swift — the messaging system used by thousands of banks and companies to move money around the world — are emerging as investigators are still trying to solve the $81 million heist from the central bank of Bangladesh in February. In that theft, the attackers were able to compel the Federal Reserve Bank of New York to move money to accounts in the Philippines.
The second attack involves a commercial bank, which Swift declined to identify. But in a letter Swift plans to share with its users on Friday, the messaging network warned that the two attacks bore numerous similarities and were very likely part of a “wider and highly adaptive campaign targeting banks.”
FOURTH bank hit by SWIFT hackers
Evidence is emerging that the SWIFT (Society for Worldwide Interbank Financial Telecom) attacks began as far back as October 2015 when the Philippines bank was first hit, two months prior to the discovery of the failed attack on Tien Phong Bank in Vietnam.
There are many more articles beyond these, but what it looks like is the Shadow Brokers or some associated individuals pulled off a series of bank heists prior to releasing the applications to the open market. That also open the question of what the NSA was doing with the applications? They could have have been tracking "suspects" but it seems they could have also been moving money for any reason they chose without records being left in the banking system. The possible exploits were only exposed after a series of bank robberies exposed the power of the tools the NSA had developed.
It seems once again crimes have exposed the government's illicit powers concealed by the intelligence community (IC). It is entirely possible that the tools were used legally and only to expose private records of terrorists and spies under FISA warrants, but who knows. The only thing that exposed these exploits was the theft. Kinda makes ya wonder, huh?
The evidence and the different styles of hacking listed in the articles about the bank heists suggests that an initial group stole some NSA hacking tools and pulled off the Bangladesh heist. They may or may not have done Ecuador or the Philippines but it seems that at some point the exploits were sold on the open market, but that does not exclude some clandestine deals with other groups that also have employed the exploits. Once the initial 81 million was stolen they distributed the exploits to other groups who may have also attacked the SWIFT system and other targets to make forensics on nation state level zero day attacks that much more difficult. Several groups attempting independent attacks increased the attack vectors making identification even more difficult. It also appears that the hackers may have targeted banks that had the Trojans installed initially. So why would they go for relatively small scores when they essentially owned the SWIFT system. Could the hackers be attacking networks already infected with the Trojan.
It really makes sense when you think about the banks they hit. The NSA installs the Trojans to "observe" suspected transactions. The hackers obtain the exploits, found the Trojans phoning home and used them to own the infected systems, modified the attack vectors to transfer money. Why not skip the phishing attack when there was already infected banks. Take the path of least resistance that leads back to someone the American government would never admit lead away from the hackers.
Of course that means anyone including the IC could have manipulated transactions, but hey that wouldn't have been a robbery would it. Really the tools could have been used to track transactions, but they could have facilitated the IC surreptitious movement of money to fund operations.
In all reality it was very clever, make a score, don't get greedy, prevent the creation of a M.O. to narrow investigations and identify the perpetrators. But identifying clever when they managed to steal exploits from the NSA and could use the exploits to attack the banking system. Just the fact that they can't be identified means they are pretty slick and the exploits are not for the novice user. There were some skills at work here.
What else was done with the exploits and who are they?
Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits Saturday, April 08, 2017
Besides dumping some NSA's hacking tools back in August 2016, the Shadow Brokers also released an encrypted cache of files containing more NSA's hacking tools and exploits in an auction, asking for 1 Million Bitcoins (around $568 Million). However, after failed auction, the group put up those hacking tools and exploits for direct sale on an underground website, categorizing them into a type — like "exploits," "Trojans," and "implant" — each of which ranged from 1 to 100 Bitcoins (from $780 to $78,000). Now, the Shadow Brokers has finally released password for the encrypted cache of NSA's files, allowing anyone to unlock and download the auction data dump.

CrDj”(;Va.*[email protected])#>deB7mN

THE SHADOW BROKERS MESS IS WHAT HAPPENS WHEN THE NSA HOARDS ZERO-DAYS AUTHOR: ANDY GREENBERG 08.17.16. - 8:34 PM
Everything you need to know about the NSA hack - but were afraid to Google
Shadow Brokers leak systems hacked by NSA – mostly mail and uni servers in India, China
New leak suggests NSA penetrated Mideast banking networks By RAPHAEL SATTER

Sunday April 16, 2017 click here for archives
☰ Latest News
CoincidenceTheorist
-23-
submitted by J_Dillinger to CoincidenceTheorist [link] [comments]

Shadow Brokers release NSA hacking tools, but were the tools used in a series of bank robberies involving the SWIFT transfer system?

Shadow Brokers Leak Reveals The NSA's Deep Access Into SWIFT Banking Network

In August of 2016, a group calling itself the Shadow Brokers emerged with a treasure trove of purported NSA hacking tools. The group released only a small portion of its take and eventually tried unsuccessfully to auction the good stuff. When no one offered to pay, Shadow Brokers decided to give it away for free.
In an enterprise setting, however, disabling the Windows Firewall and allowing remote desktop connections is quite common. That's where these exploits were designed to work, and the Shadow Brokers data appears to reveal that the NSA used these tools against at least one eyebrow-raising target: a SWIFT bureau in the Middle East.
Following The Money
As part of the Bush administration's War on Terrorism the Terrorist Finance Tracking program was set up. Under TFTP, the U.S. gained the ability to monitor transactions carried out via SWIFT. Why target SWIFT specifically? There are upwards of 11,000 banks in 200 countries that use it, and they exchange around 15 million messages a day. If you need to keep an eye on large amounts of money moving internationally, SWIFT is the key.
•••
A leaked PowerPoint slide appears to confirm that the NSA had successfully set up backdoor monitoring on 9 banks running SWIFT Alliance Access (SAA) servers. At least three others at another SWIFT Bureau were targeted, but they had not been compromised at the time of creation of the PowerPoint presentation in 2013.
A Rundown of the Biggest Cybersecurity Incidents of 2016

Most expensive attacks: Leoni and Bangladesh Bank

Large multinational companies are the prime targets of Business Email Compromise (BEC), which is a type of online scam that usually begins with an attacker compromising a legitimate email account and tricking the company’s financial officer to wire funds to their accounts. Typically the companies that fall victim to these scams deal with foreign suppliers and habitually use wire transfer payments. Victims of BEC scams have increased 270% since the start of 2015, and this year saw one of the largest amounts lost by an enterprise. Read more

Biggest attack vector in finance: SWIFT

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a global transaction messaging network used by banks and other financial entities such as foreign exchanges and investment firms. Unfortunately, this year saw attackers targeting SWIFT clients, compromising and manipulating organizations into sending fraudulent money transfer requests. It’s unclear how many of these attacks were actually successful, but in June, SWIFT sent its clients a letter warning them about the possible dangers. The organization also urged clients to update their software and tighten their cyber defenses.
Shadow Brokers Dump Alleged Windows Exploits and NSA Presentations on Targeting Banks
The post includes a link to a selection of files and folders. One sub-folder called "exploits" includes executable files with apparent codenames such as "Eternalsynergy," "Erraticgopher," and "Emeraldthread."
•••
"This is phenomenal data, it has all the hallmarks of slickly produced internal attack tools," Hacker Fantastic continued. "I am certain that analysis on this data will turn up another 0day [zero day]."
Security architect Kevin Beaumont told Motherboard in a Twitter direct message, "All of the Windows implants are new to VirusTotal [an online file scanning tool], which suggests they've not been seen before."
Targets of NSA hacking operations may also be able to determine whether they were compromised thanks to these new files. Cybersecurity company Symantec recently did something similar but with details of alleged CIA hacking tools released by Wikileaks.
Another section of the [dump]( (https://gist.github.com/misterch0c/08829bc65b208609d455a9f4aeaa2a6c) includes several alleged presentations marked "TOP SECRET" concerning "[JEEPFLEA_MARKET](
)." According to a previous analysis by Electrospaces.net, which searches through previously released government documents including the Snowden files for additional clues, Jeepflea is a hacking project from Tailored Access Operations (TAO), the NSA's elite hacking unit.
NSA's powerful Windows hacking tools leaked online
Shadow Brokers leak NSA documents that may reveal operation aimed at Middle Eastern banks
So here are the dots not being connected...
In 2016 Shadow Brokers placed a trove of NSA hacking tools up for sale last year. On 08.17.16 wired reported that that stolen NSA exploit tools were being held hostage for a Bit Coin pay out. When no one came up with the ransom the Shadow Brokers began selling the apps individually for prices that range from 1 to 1000 Bit Coins.
This is only half the story because prior to the release of the information in August 2016 maybe as far back as several years a series of attacks and robberies through the SWIFT system occurred.
Swift Hack Probe Expands to Up to a Dozen Banks Beyond Bangladesh
That Insane, $81M Bangladesh Bank Heist? Here’s What We Know 05.17.16 - 7:00 am
Once Again, Thieves Enter Swift Financial Network and Steal
New details about a second attack involving Swift — the messaging system used by thousands of banks and companies to move money around the world — are emerging as investigators are still trying to solve the $81 million heist from the central bank of Bangladesh in February. In that theft, the attackers were able to compel the Federal Reserve Bank of New York to move money to accounts in the Philippines.
The second attack involves a commercial bank, which Swift declined to identify. But in a letter Swift plans to share with its users on Friday, the messaging network warned that the two attacks bore numerous similarities and were very likely part of a “wider and highly adaptive campaign targeting banks.”
FOURTH bank hit by SWIFT hackers
Evidence is emerging that the SWIFT (Society for Worldwide Interbank Financial Telecom) attacks began as far back as October 2015 when the Philippines bank was first hit, two months prior to the discovery of the failed attack on Tien Phong Bank in Vietnam.
There are many more articles beyond these, but what it looks like is the Shadow Brokers or some associated individuals pulled off a series of bank heists prior to releasing the applications to the open market. That also open the question of what the NSA was doing with the applications? They could have have been tracking "suspects" but it seems they could have also been moving money for any reason they chose without records being left in the banking system. The possible exploits were only exposed after a series of bank robberies exposed the power of the tools the NSA had developed.
It seems once again crimes have exposed the government's illicit powers concealed by the intelligence community (IC). It is entirely possible that the tools were used legally and only to expose private records of terrorists and spies under FISA warrants, but who knows. The only thing that exposed these exploits was the theft. Kinda makes ya wonder, huh?
The evidence and the different styles of hacking listed in the articles about the bank heists suggests that an initial group stole some NSA hacking tools and pulled off the Bangladesh heist. They may or may not have done Ecuador or the Philippines but it seems that at some point the exploits were sold on the open market, but that does not exclude some clandestine deals with other groups that also have employed the exploits. Once the initial 81 million was stolen they distributed the exploits to other groups who may have also attacked the SWIFT system and other targets to make forensics on nation state level zero day attacks that much more difficult. Several groups attempting independent attacks increased the attack vectors making identification even more difficult. It also appears that the hackers may have targeted banks that had the Trojans installed initially. So why would they go for relatively small scores when they essentially owned the SWIFT system. Could the hackers be attacking networks already infected with the Trojan.
It really makes sense when you think about the banks they hit. The NSA installs the Trojans to "observe" suspected transactions. The hackers obtain the exploits, found the Trojans phoning home and used them to own the infected systems, modified the attack vectors to transfer money. Why not skip the phishing attack when there was already infected banks. Take the path of least resistance that leads back to someone the American government would never admit lead away from the hackers.
Of course that means anyone including the IC could have manipulated transactions, but hey that wouldn't have been a robbery would it. Really the tools could have been used to track transactions, but they could have facilitated the IC surreptitious movement of money to fund operations.
In all reality it was very clever, make a score, don't get greedy, prevent the creation of a M.O. to narrow investigations and identify the perpetrators. But identifying clever when they managed to steal exploits from the NSA and could use the exploits to attack the banking system. Just the fact that they can't be identified means they are pretty slick and the exploits are not for the novice user. There were some skills at work here.
What else was done with the exploits and who are they?
Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits Saturday, April 08, 2017
Besides dumping some NSA's hacking tools back in August 2016, the Shadow Brokers also released an encrypted cache of files containing more NSA's hacking tools and exploits in an auction, asking for 1 Million Bitcoins (around $568 Million). However, after failed auction, the group put up those hacking tools and exploits for direct sale on an underground website, categorizing them into a type — like "exploits," "Trojans," and "implant" — each of which ranged from 1 to 100 Bitcoins (from $780 to $78,000). Now, the Shadow Brokers has finally released password for the encrypted cache of NSA's files, allowing anyone to unlock and download the auction data dump.

CrDj”(;Va.*[email protected])#>deB7mN

THE SHADOW BROKERS MESS IS WHAT HAPPENS WHEN THE NSA HOARDS ZERO-DAYS AUTHOR: ANDY GREENBERG 08.17.16. - 8:34 PM
Everything you need to know about the NSA hack - but were afraid to Google
Shadow Brokers leak systems hacked by NSA – mostly mail and uni servers in India, China
New leak suggests NSA penetrated Mideast banking networks By RAPHAEL SATTER

Sunday April 16, 2017
submitted by J_Dillinger to CoincidenceTheorist
