Home / / Revealed: Names of Arab banks targeted in NSA hack

Revealed: Names of Arab banks targeted in NSA hack

Major regional banks monitored by the NSA according to documents released by Shadow Brokers group

Revealed: Names of Arab banks targeted in NSA hack
After hacking a SWIFT regional bureau, NSA was able to monitor money flows among some Middle Eastern banks.

We can reveal the names of regional banks that were the target of monitoring by America’s National Security Agency (NSA).

Hackers last week released documents and files revealing that the NSA had accessed the SWIFT interbank messaging system, allowing it to monitor money flows among some Middle Eastern banks.

The documents and tools, leaked by a group known as “Shadow Brokers”, likely belong to the NSA, according to cybersecurity experts, and date back to 2013. The NSA had also apparently found and exploited numerous vulnerabilities in a range of Microsoft Windows products widely used on computers around the world.

ITP.net has seen documents identifying the affected institutions in the region. The list includes marquee names in the region’s financial industry. 

NSA’s remit is broad and vague and there could be various reasons the organisation chose to monitor Middle East (and South American) banks. Cris Thomas, a security researcher with cybersecurity firm Tenable, told Reuters the intention seemed like an attempt to monitor, if not disrupt, financial transactions to terrorists groups. 


In August 2016, Shadow Brokers claimed they were successful in compromising an NSA-controlled hacking group known as “Equation Group”. Shadow Brokers also asserted they had in their possession a large amount of data proving the compromise of several financial organisations. They said the data was up for sale at a price of 1 million bitcoins.

After apparently receiving no offers, the group released the names and details of the organisations that the NSA had breached in 2013, and was currently maintaining access to.

In the Arab World, the hack was allegedly executed by first compromising the Middle East SWIFT service bureau “EastNets”.

Following the EastNets compromise, the attackers were able to breach the VPN gateway of alleged target organisations, eventually reaching the SWIFT Alliance Access system within the alleged target organisations’ networks.

EastNet has denied reports that its network was compromised terming the allegations “totally false and unfounded."

SWIFT was also quick to deny its own systems were breached instead pointing out that the allegations involve only its service bureaus and not its own network.

Experts we talked to, and who chose to remain anonymous, contend that since the documents date back to 2013, there has likely been progress beyond what is in the documents, indicating many more institutions may have been targeted. Further, with the same tools, the NSA may have been able to compromise other SWIFT bureaus besides EastNets.

Here’s the list of alleged targeted financial institutions breached as of August 2013 in the Middle East:

- Abu Dhabi Investment Co
- Al Hilal Islamic Bank
- Al Khalij Commercial Bank
- Al Mal Capital
- Al Quds Bank for Development & Investment
- Arab Bank
- Dubai Gold and Commodities Exchange
- Gulf Investment Corp
- Kuwait Fund for Arab Economic Development
- Ministry of Finance Muscat or Beirut (uncertain)
- NASDAQ Dubai
- Natexis Bank
- Palestine Commercial Bank
- Palestine Investment Bank/Philadelphia Investment Bank
- Palestine Monetary Authority
- Qatar First Investment Bank
- Rasmala Investment Bank
- Shamil Bank of Yemen and Bahrain
- Tadhamon International Islamic Bank

- The Group Securities Doha, QT

- United Bank

- Warba Bank

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.