The US National Security Agency has compromised users of a major international money-transfer system used by some financial institutions and banks in the Middle East and Latin America, a group of hackers says.
The Shadow Brokers hacking group claimed in a blog post on Friday that it had obtained files and data that show the agency accessed the SWIFT messaging system.
There is evidence “of the largest infection of a SWIFT Service Bureau to date,” researcher Matt Suiche, founder of UAE-based cyber security firm Comae and the Dubai cybersecurity conference OPCDE, wrote in a Medium post.
In addition, the group said it had breached the NSA’s databases, obtaining highly confidential tools used by the agency to steal people’s data.
The group directed its visitors to download a cache of codes that revealed previously undisclosed computer exploits—known as zero-day exploits—that experts said were capable of causing chaos on an international scale.
There was also a piece of code that could be used to hack into computers using a fully-patched Windows operating system.
“It is very significant as it effectively puts cyber weapons in the hands of anyone who downloads it,” Matthew Hickey, a researcher at the UK’s Hacker House security firm, told cyber security website Ars Technica.
Calling the package “by far the most powerful cache of exploits ever released,” Hickey said the leaked weapons allowed him to easily hack into several computers.
“It’s an absolute disaster,” he told the Associated Press. “I have been able to hack pretty much every Windows version here in my lab using this leak.”
Another hacker, who once worked with the Pentagon, said, “It’s not safe to run an internet-facing Windows box right now.”
Microsoft acknowledged the breach in a statement, saying it was “reviewing the report and will take the necessary actions to protect our customers.”
“Maybe if all surviving WWIII, The Shadow Brokers be seeing you next week. Who knows what we having next time?” the hackers teased at the end of their post.
Snowden: Not a drill
The hacked tools alarmed famous US whistleblower Edward Snowden, who first uncovered the extent of NSA’s illegal spying in 2013.
“This is not a drill: NSA exploits affecting many fully-patched Windows systems have been released to the wild. NSA did not warn Microsoft,” he said in a tweet.
The former NSA contractor, who has fled to Russia to avoid prosecution, said the NSA knew about the breach but refused to inform software companies.
“The NSA knew their hacking methods were stolen last year, but refused to tell software makers how to lock the thieves out. Are they liable?” he wrote in another tweet.