In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Matt Suiche, Director of Research and Development for Memory Analysis and Incident Response for Magnet Forensics.

“Writing exploits, especially modern exploits, requires the invention and use of new techniques,” said Matt Suiche, a director for memory, incident response, and R&D at Magnet Forensics. “This isn’t something that AI can do yet.”

“Imagine being so good at hacking that you find bugs in consoles that don’t exist,” Matt Suiche, a security researcher, joked on Twitter in response to the news.

The industry is so focused on endpoints that it’s missing actual problems and neglecting the need to address the motivations of attackers, according to Matt Suiche, director of memory and incident response research and development at Magnet Forensics.

Magnet Forensics, a developer of digital investigation solutions for more than 4,000 enterprises and public safety organizations in over 100 countries, announced the acquisition of the strategic IP assets of Comae Technologies.

On this episode of Odd Lots, Joe Weisenthal and Tracy Alloway speak with Matt Suiche, a famous hacker and co-founder of Comae Technologies, about what a cyber war between Russia and the West may actually look like.

Webshells now seem to be a reason for the FBI to access servers in the United States. That notion was suggested by Matt Suiche, a security researcher and Microsoft Most Valuable Professional, in this Twitter post.

Security researcher Matt Suiche, a French entrepreneur based in Dubai who founded the cybersecurity firm Comae Technologies, reviewed the report and said it appeared entry was gained through an anti-corruption tracker at the U.N. Office of Drugs and Crime.

Security researcher Matt Suiche, a French entrepreneur based in Dubai who founded the cybersecurity firm Comae Technologies , reviewed the report and said it appeared entry was gained through an anti-corruption tracker at the UN Office of Drugs and Crime.

Matt Suiche, a French entrepreneur based in Dubai who founded cybersecurity firm Comae Technologies, said the video file was presumably on the iPhone because the report showed a screenshot of it. If the file had been deleted, he said the report should have stated this or explained why it was not possible to retrieve it. “They’re not doing that. It shows poor quality of the investigation,” Suiche said.

Matt Suiche, a well-known researcher who developed virtualization software in the past, tweeted: “Imagine what today's Cloud Computing landscape would look like if VMware had been sued by IBM or Microsoft back in 1998,”

Some have decried Microsoft’s backing of AnyVision. One critic, cybersecurity entrepreneur Matt Suiche, called the investment “scandalous.”

I understand the paranoia; we have seen security products with security bugs many times," Suiche said. "Whatever is software will have security bugs, that's the AppSec Murphy's Law. So backdoor or not, I'm sure we will see presentations where people find security bugs.

After this stage, hacker and security researcher Matt Suiche noticed that the app dumped the information in a location of his choosing without encrypting it first.

In one incident, shared by Matt Suiche, an incident response expert who runs Comae Technologies, fraudsters phoned a would-be victim - in reality, an information security expert

But like many Facebook updates and actions, it's far from perfect. Tech founder Matthieu Suiche pointed out this Facebook ad last week that successfully broke through the rules by using "BITC0IN" in the shared text and article headline.

In one recent ad, the "o" in "BITCOIN" was replaced with a zero, and the capital I’s were replaced with lowercase L’s. The tactic was noticed by French entrepreneur Matthieu Suiche on Twitter, who said he was surprised by the ban’s lack of sophistication.

Matthieu Suiche, founder of cybersecurity startup Comae Technologies, tweeted a screenshot allegedly showing one of the offending ads on Saturday. The ad was likely intentionally misspelled, Suiche wrote, presumably to circumvent Facebook’s ban.

But in many ways they are no safer than any other software, Matt Suiche, who runs the blockchain security company Comae Technologies, said in a phone interview.

“For many days, people were classifying NotPetya as an actual ransomware,” said Matt Suiche, founder of Comae Technologies, a cybersecurity firm. “It took a few days for people to understand what it was doing” — that it was permanently wiping data, he said.

Monero is now “one of the favorites, if not the favorite,” Matt Suiche, founder of Dubai-based security firm Comae Technologies, said in a phone interview.

Shortly after the attacks in May that crippled U.K. hospitals, infected medical equipment and caused widespread chaos, cybersecurity researchers from Google, Comae Technologies, Kaspersky Lab and Symantec all made technical links between the WannaCry malware and the Lazarus Group, a cyberespionage crew previously associated with North Korean-government operations.

Matt Suiche, founder of Comae Technologies, discusses bitcoin's popularity and security. He speaks on "Bloomberg Markets: Middle East."

Although Parity didn't disclose how much ether is currently frozen, French hacker Matt Suiche said in a blog post Tuesday that the code wipeout means that more than $280 million worth has been locked.

Matthieu Suiche, a security and cryptocurrency expert at Comae Technologies, said in a blog post that the bug in question had likely managed to escape an internal Parity code review.

Prominent cybersecurity guru Matt Suiche both came to this conclusion within 24 hours of the attack, and it gels with officials’ gut instincts.

Incident response expert Matt Suiche, managing director of Dubai-based Comae Technologies, says whoever launched BadRabbit appeared to possess the original source code for NotPetya. 'Many parts have been improved, deleted and rewritten,' he says via Twitter.

Matt Suiche, founder of Comae Technologies, noted on Twitter that the two ransomware variants had much more in common than most thought.

Matt Suiche, founder of managed threat detection company Comae Technologies, told SearchSecurity that the Kaspersky transparency 'initiative is good in general,' but said it might not be enough to prove they are innocent. It's hard (or impossible) to come back from allegations f(...)

When it comes to software engineering, there is no way to actually verify it. Because, by definition, software always has vulnerabilities, because the software is being engineered by humans,” said Matt Suiche, founder of Comae Technologies.

Security Researcher Matthieu Suiche noted that the latest attack was an “improved and more lethal version” of its predecessor, WannaCry. Suiche helped contain WannaCry’s spread with a kill switch he made to stop the attacks. He said that WannaCry had attempted to hit 80,000(...)

Law enforcement officials will be on the alert, tracking where the bitcoin goes, according to Matthieu Suiche, founder of Comae Technologie. Essentially, investigators will be able to see a trail of digital breadcrumbs leading from account to account.

From a hack-attack timing standpoint - although it may be coincidence - HBO has recently been advertising for a senior information security manager on LinkedIn, according to incident response expert Matt Suiche.

While theories abound, well-known cyber security expert Matt Suiche and other analysts have come to a disturbing conclusion. Their analysis suggests that the main purpose of the attack was financial disruption and widespread destruction.

Comae Technologies recently announced at the DEF CON hacker conference in Las Vegas held on July 27 the launching of Porosity, the first ever decompiler for Ethereum Virtual Machine (EVM) integrated with JP Morgan's Quorum.

The Shadow Brokers dumps started relatively small, Suiche said; the first batch of free exploits included bugs in many common firewall products. The group later followed up with Solaris operating system exploits, as well as more detailed information on proposed Equation Group tar(...)

Matt Suiche, Comae Technologies founder, announced at the DefCon hacker conference held in Las Vegas yesterday a new solution – Porosity, the open-source EVM decompiler capable of deciphering the code that makes up executable distributed code contracts (EDCC).

On July 27, 2017, at the DEF CON 25 hackathon conference, Comae Technologies founder, Matt Suiche revealed Porosity, a decompiler capable of deciphering the code that makes up executable distributed code contracts (EDCCs). Porosity lends itself well to debugging, as it can revert(...)

"The trend we see now is companies focusing on specific problems," said Matthieu Suiche, founder of Comae Technologies, a United Arab Emirates-based security company that helps organizations who have experienced breaches diagnose and recover from them. Suiche said he sees a futur(...)

As Porosity's launch comes in a month when ethereum smart contracts written for CoinDash, Parity and Veritaseum have all been hacked, Suiche thinks his chosen profession as a reverse engineer is about to see increased demand.

Today at Black Hat, Matt Suiche of Comae Technologies who has done extensive work analyzing the ShadowBrokers, recapped the last year of activity around the group.

An expert on the group, Matt Suiche, accused them of making false claims to boost their profile during a presentation on the group at the BlackHat conference on Thursday. He spoke hours after they raised their subscription service price. Suiche, founder of Comae Technologies, was (...)

The Shadow Brokers - Cyber Fear Game-Changers (9:05 a.m.): "Who are The Shadow Brokers? I have no clue. Nobody really does," says security researcher Matt Suiche, managing director of Dubai-based incident response firm Comae Technologies. In this presentation, however, Suiche pro(...)

Matt Suiche, founder of Comae Technologies and the foremost expert on the group who claims to have stolen the exploits used in WannaCry, will present on the so-called ShadowBrokers

Cybersecurity expert Matt Suiche told NPR that hotels are being targeted more frequently by criminals. For example, he pointed out, a hotel in Austria was recently the victim of a ransomware attack that temporarily prevented it from making new room keys in its electronic key syst(...)

"Now I’m wondering if there are similar software companies that have been compromised that could be the source of similar attacks," says Matt Suiche, the founder of Dubai-based Comae Technologies, who has been analyzing the Petya strain since it first appeared. "The answer is, (...)

Suiche told Motherboard that he thinks the hackers are just "trolling," trying to confuse researchers and journalists. Moreover, it's possible that some files could not be decrypted, and victims might not be able to provide hackers with a unique fingerprint that the ransomware cr(...)

Matt Suiche, a security researcher who has analyzed NotPetya, was skeptical about the alleged hackers' motives, saying they are just "trolling journalists." "This is a fear, uncertainty and doubt case," Suiche, who's the founder of Comae Technologies, told Motherboard in an online(...)

Matt Suiche, the founder of Comae Technologies cybersecurity firm, told Sputnik that ExPetr was not ransomware, but rather a wiper designated to damage infected computer systems.

In a webinar, Juan Andres Guerrero-Saade, from Kaspersky’s global research & analysis team, and Matt Suiche, from Comae Technologies, said that they have labeled the attack as destruction instead of ransomware. "Normally that wouldn't be the consideration with something consid(...)

However on Friday, Matt Suiche, the founder of Comae Technologies cybersecurity firm, told Sputnik that ExPetr was not ransomware, but rather a wiper designated to damage infected computer systems.

Given those facts, some experts believe that the real purpose of the attack was to destroy the files on targeted computers. Comae technologies explained how the malware was in fact a wiper—a virus that aims to destroy and damage—in the guise of ransomware. The virus is also b(...)

Matt Suiche, the founder of Comae Technologies, explained in an online post that it was designed to "destroy and damage." "Different intent. Different motive. Different narrative," he wrote. A number of global companies were hit by a massive IT system attack earlier in the week.

ExPetr is not ransomware but rather a wiper designated to damage infected computer systems, Matt Suiche, the founder of Comae Technologies cybersecurity firm, told Sputnik on Friday. Suiche supposes that the aim of the attack was to disrupt the work of the companies and businesses targeted as the attacks "motives were apparently not to just temporarily limit the victims" access to information but rather to destroy and damage the systems.

Likewise, Matt Suiche, founder of cybersecurity firm Comae Technologies, writes on his website, "The goal of a wiper is to destroy and damage ... Different intent. Different motive. Different narrative." Suiche says the perpetrator wanted to disguise the intent of the attack. "We believe the ransomware was in fact a lure to control the media narrative," Suiche writes, "... to attract the attention on some mysterious hacker group rather than a national state attacker like we have seen in the past in cases that involved wipers such as Shamoon."

Likewise, Matt Suiche, founder of cloud security company Comae Technologies, agreed. "The ransomware was a lure for the media. This variant of Petya is a disguised wiper," he warned.

Security researcher Matt Suiche lays out the bad news in a blog post for cybersecurity firm Comae Technologies. He notes that while an earlier version of Petya, from which NotPetya gets its name, technically allowed for the decryption of files, NotPetya doesn't. '2016 Petya modif(...)

"Ransomwares and hackers are becoming the scapegoats of nation state attackers. Petya is a wiper not a ransomware."

According to Comae Technologies researcher Matt Suiche, there is bug in the malware’s encryption code that prevents any decryption key from working. That is something independent of the fact the German email provider Posteo shut down the attacker’s email address preventing vi(...)

"It’s someone who wants to shut down Ukraine and make it look like ransomware," said Matthieu Suiche, founder of of cyber-security provider Comae Technologies. "And like what happened back in December with the power grid, it’s a political motive."

Matt Suiche, from security firm Comae, described the variant as a "wiper" rather than straight-forward ransomware. "The goal of a wiper is to destroy and damage," he wrote, adding that the ransomware aspect of the program was a lure to generate media interest. Mr Suiche wrote: "2016 Petya modifies the disk in a way where it can actually revert its changes, whereas, 2017 Petya does permanent and irreversible damages to the disk."

Moreover, the email address to make a payment to retrieve data is no longer accessible, said Matt Suiche, a hacker and founder of Comae Technologies, a cybersecurity firm. He said in a blog post this week that the ransomware feint was probably a way to make people think "some mysterious hacker group" was behind the attack rather than a nation state. "The fact of pretending to be a ransomware while being in fact a nation-state attack . . . is in our opinion a very subtle way for the attacker to control the narrative of the attack," Suiche said.

The Verge pointed to a blog post by Comae's Matthieu Suiche, who concluded, after breaking down Petya's inability to decrypt data, that an attempt to destabilize Ukraine on the digital front must have been the real aim of the attack. "Pretending to be a ransomware while being in fact a nation state attack [is] in our opinion a very subtle way from the attacker to control the narrative of the attack," Suiche wrote.

We believe the ransomware was in fact a lure to control the media narrative, especially after the WannaCry incidents to attract the attention on some mysterious hacker group rather than a national state attacker like we have seen in the past in cases that involved wipers such as(...)

Matt Suiche, founder of the cybersecurity firm Comae, writes in a blog post today that after analyzing the virus, known as Petya, his team determined that it was a 'wiper,' not ransomware. "We can see the current version of Petya clearly got rewritten to be a wiper and not a actual ransomware," Suiche writes.

Some security researchers have questioned whether this attack can even be properly categorized as ransomware. Matthieu Suiche, CEO and founder of the Dubai-based cybersecurity firm Comae, told Fortune that he believes it is more appropriately considered as 'wiper' malware, meaning malicious software that intends to destroy data rather than hold it hostage. Other experts have agreed with the essence of Suiche's analysis.

Comae Technologies, which looked closely at how the malware operated, suggests it was designed to look like ransomware, but was in fact a type of malware called a wiper, which destroys all records from the system. "We believe the ransomware was in fact a lure to control the media narrative, especially after the WannaCry incident, to attract the attention on some mysterious hacker group rather than a national state attacker," Matt Suiche, founder of Comae Technologies, wrote in a blog post on Wednesday.

An analysis of a unique variant of Petya ransomware conducted by Comae Technologies' Matthieu Suiche reveals that computer code in the June 27 version of the malware is different than previous samples which were tied to incidents involving monetary gain. The primary difference between past Petya variants and Tuesday's malware comes in the form of a small block of code that effectively commands the virus to "erase the Windows system's Master Boot Record (MBR) on default," said Suiche. "After comparing both implementations, we noticed that the current [implementation] that massively infected multiple entities in Ukraine was in fact a wiper, which just trashed the 25 first sector blocks of the disk," Suiche wrote in a blog post.

Matthieu Suiche, the founder of Dubai-based Comae Technologies, said the ransom demand was merely 'a mega-diversion.' In a blog post, he wrote that the code pointed not to criminals, but 'in fact a nation state attack.'

The attack is 'an improved and more lethal version of WannaCry' said Matthieu Suiche, a security researcher who helped contain the spread of the WannaCry ransomware when he created a kill switch that stopped the attacks. In just the last seven days, Mr. Suiche noted, WannaCry had tried to hit an additional 80,000 organizations but was prevented from executing attack code because of the kill switch.

Matthieu Suiche, the founder of security firm Comae Technologies, wrote on Twitter. Microsoft had patched the EternalBlue vulnerability in March, prior to WannaCry's spread in May, which protected some systems from the infection. Based on the extent of damage Petya has caused so far, though, it appears that many companies have put off patching, despite the clear and potentially devastating threat of a similar ransomware spread. These systems apparently remain vulnerable even after Microsoft released multiple patches for legacy systems, like Windows XP, that the company no longer supports. And publicity about the attack led many system administrators to prioritize upgrading their systems for defense. But Petya's spread using EternalBlue shows how dire the patching landscape really is.

Security researcher Matthieu Suiche said the virus was designed to encrypt files on infected machines. He said it was very unlikely, given the damage to organisations such as Honda and Britain's National Health Service, the security cameras would have come through unscathed as claimed

French incident response expert Matt Suiche, managing director at Dubai-based Comae Technologies, says in an English-language overview of the French-language ANSSI presentation. "But this machine was not connected to the internal network, and was quickly classified as [a] dead-end by the attacker."

Suiche, based in Dubai and one of the world's top independent security researchers, provided advice and testing to ensure the fix worked across all various versions of Windows. His blog post links to a Delpy's 'wanakiwi' decryption tool which is based on Guinet's original concept. His idea involves extracting the keys to WannaCry encryption codes using prime numbers rather than attempting to break the endless string of digits behind the malicious software's full encryption key."This is not a perfect solution," Suiche said. "But this is so far the only workable solution to help enterprises to recover their files if they have been infected and have no back-ups which allow users to restore data without paying black-mailers."

Matt Suiche, the founder of CloudVolumes and Comae, published a blog post that describes how Benjamin Delpy's wanawiki tool works: It sniffs out the prime numbers used by the ransomware to reconstruct the key used to encrypt your PC. Once the wanawiki tool is run, the software can basically generate the key, and the tool will then unlock the encypted files.

Suiche stresses that victims should not reboot their infected machines if they haven't already. Suiche, who did a breakdown of the crypto implementation of WannaCry during a webinar with Kaspersky Lab this week, said today that the killswitch domain he registered is still recording infection attempts, including a spike of almost 5,000 last night from Malaysia.

Suiche published a blog with technical details summarizing what the group of passing online acquaintances (goo.gl/iIFDZs) has built and is racing to share with technical staff at organizations infected by WannaCry.

"This tool isn't perfect, but if companies don't have back up this is their only hope," said Suiche.

Within 24 hours, another pair of French researchers, Benjamin Delpy and Matt Suiche, say they've now adapted the tool to work on Windows 7, too.

Comae Technologies Founder Matt Suiche discusses the global risks of malware attacks. He speaks on "Bloomberg Markets: Middle East." (Source: Bloomberg)

"It's something we started to see more and often in the past few years," said Matt Suiche, founder of the Dubai-based Comae Technologies, who played a key role in unearthing a vital clue in the WannaCry mystery. "What we see is that security needs to be a joint effort. Open source collaboration and cooperation are very important to help us work together on these issues."

"ShadowBrokers are back" tweeted Matthieu Suiche, a French hacker and founder of the United Arab Emirates-based cybersecurity firm Comae Technologies, who has studied the Shadow Brokers' releases and believes the group has access to NSA files. Another member of the cybersecurity community tweeted:

Separately, security researcher Matthieu SuicheΓÇÅ has registered a second kill switch found in one version of the malware and says that stopped around 10,000 machines from being infected.

Another researcher, Comae Technologies' Matthieu Suiche, corroborated the findings. That suggests Lazarus borrowed code for WannaCry from its own, existing tools.

Matthieu Suiche, founder of cybersecurity company Comae Technologies, also highlighted apparent similarities.

"WannaCry and this [program] attributed to Lazarus are sharing code that's unique. This group might be behind WannaCry also," Suiche said, as cited by Wired.

"ShadowBrokers are back" tweeted Matthieu Suiche, a French hacker and founder of the United Arab Emirates-based cyber security firm Comae Technologies, who has studied the Shadow Broker releases and believes the group has access to NSA files

"We are in the second wave," said Matthieu Suiche of Comae Technologies. "As expected, the attackers have released new variants of the malware. We can surely expect more."

"ShadowBrokers are back" tweeted Matthieu Suiche, a French hacker and founder of the United Arab Emirates-based cyber security firm Comae Technologies, who has studied the Shadow Broker releases and believes the group has access to NSA files.

Matt Suiche, chief executive officer and co-founder of a security startup based in Dubai, also registered a site to blunt the second attack.

Matt Suiche, founder of United Arab Emirates-based cyber security firm Comae Technologies, said he's seen a variant on the original malware that still contains a kill-switch mechanism -- though future versions could find a way to overcome it. "We are lucky that this logic bug is still present," Suiche said

Matthieu Suiche, founder of security firm Comae Technologies, has been doing similar work in registering domains used by new variants and shutting them down. "I don't care about that... if he's Madonna or not," Suiche said. "Tell them to harass me, I want more followers than The Grugq [a well-known security expert with a large Twitter following]."

As Bloomberg reports that Matt Suiche, founder of United Arab Emirates-based cyber security firm Comae Technologies warns a new version of the ransomware may have also been spreading over the weekend.

and echoed by other researchers including Matthieu Suiche from UAE-based Comae Technologies.

But Suiche sees the Contopee link as a strong clue about WannaCry's origins. The Dubai-based researcher has closely followed the WannaCry malware epidemic since Friday, and over the weekend he identified a new "kill switch" in an adapted version of the code, a web domain the WannaCry ransomware checks to determine whether it will encrypt a victim's machine. Just before Mehta's finding, he identified a new URL "this time, one that begins with the characters "ayylmao. "That LMAO string, in Suiche's view, is no coincidence. "This one looks like an actual provocation to the law-enforcement and security community," Suiche says. "I believe that's North Korea actually trolling everyone now."

Other security researchers other than the Mehta have noticed the same similarity, such as Comae Technologies' Matthieu Suiche, who also discovered and killed a new variant by activating the kill switch.

Darien Huss and founder of Comae Technologies Matthieu Suiche. All have been actively investigating and defending the web against WannaCry and were intrigued at the possible link to North Korea.

Representatives from three major cybersecurity firms: Symantec Corp. SYMC 3.19% , Kaspersky Lab ZAO and Comae Technologies later on Monday said they found the same the link.

Suiche of Comae Technologies said he had done the same for one of the new variants of malware to surface since the initial wave.

"From a technical point of view those two functions and their references are identical," said Matt Suiche, founder of United Arab Emirates-based cybersecurity firm Comae Technologies.

Security researcher Matthieu Suiche, of Comae Technologies in the United Arab Emirates, said the hackers may be sending a message in some of the code that's showing up, suggesting their purpose is to stir political mayhem.

Matt Suiche, a Dubai-based security researcher, told Wired it "would be a lot of trouble" for hackers "to write ransomware, target everyone in the world, and then make a fake attribution to North Korea."

Matt Suiche, founder of United Arab Emirates-based cyber security firm Comae Technologies, said around 10,000 machines have been infected by the second variation of the malware.

Copycat variants of the malicious software behind the attacks have begun to proliferate, according to experts who were on guard for new attacks. "We are in the second wave," said Matthieu Suiche of Comae Technologies, a cybersecurity company based in the United Arab Emirates. "As expected, the attackers have released new variants of the malware. We can surely expect more."

"We are in the second wave," Matthieu Suiche of Comae Technologies, tells the New York Times. "As expected, the attackers have released new variants of the malware. We can surely expect more."

Writing on his blog, Matt Suiche, the founder of Comae Technologies, elaborated on some of the new variants of the ransomware that cybersecurity specialists are finding in the wild.

Fortunately, security researchers @benkow_ spotted the domain and Matthieu Suiche registered the kill switch Sunday. Suiche added:I highly suspect there are multiple variants in the wild with multiple kill switches! #WannaCry Good news is: there are still kill switches!MalwareTech confirmed the "new kill switch" had been transferred to his sinkhole. On Sunday, Suiche warned, "Until people update and upgrade their operating systems, they are still at threat. The fact I registered the new kill-switch is only a temporarily relief which does not resolve the real issue, which is that people are running out-of-support Operating Systems."

"Currently the spreading of the ransomware is slowed down dramatically because a researcher found a logic bug in the malware, not because the companies around the world are having good security practice," Matt Suiche, founder of Comae Technologies, a cybersecurity company in the United Arab Emirates, told ABC News on Saturday. Suiche said the cyberattackers could soon release a new update to the malware, making it more robust and resuming the global infection. "I'd even say this update probably already happened," he added.

Updated: However, Suiche also confirmed that the modified variant with no kill switch is corrupted, but this doesn't mean that other hackers and criminals would not come up with a working one.

Mr Suiche told The National that "mature" organisations running old operating systems that weren't regularly patched were especially vulnerable

"The kill switch is why the U.S. hasn't been touched so far," said Matthieu Suiche, founder of Comae Technologies, a cybersecurity company in the United Arab Emirates. "But it's only temporary. All the attackers would have to do is create a variant of the hack with a different domain name."

"The kill switch is why the U.S. hasn't been touched so far," said Matthieu Suiche, founder of Comae Technologies, a cybersecurity company in the United Arab Emirates. "But it's only temporary. All the attackers would have to do is create a variant of the hack with a different domain name. I would expect them to do that."

A complex and powerful implant codenamed PASSFREELY that is mentioned in the trove of documents allows for an attacker to bypass the authentication process behind Oracle servers, security researcher Matt Suiche told CyberScoop.

The Shadow Brokers also released step-by-step evidence outlining the NSA's penetration of secure financial transactions between Middle Eastern banks. Matt Suiche, the founder of cybersecurity firm Comae Technologies, said it's one the clearest pictures ever of both the United States's cyber-capabilities and the global financial system's vulnerabilities.

Of course, the number of attempts to target organizations involved in SWIFT may be much larger. As Suiche asks in a blog post: "How many of those service bureaus may have been or are currently compromised?"

Suiche explained these bank transactions are handled on an Oracle database running SWIFT software. The archive includes tools used by the NSA to take data from the Oracle installation, including a list of users and SWIFT message queries, Suiche said.

Some of the exploits allegedly used by the NSA relied on vulnerabilities in older and not-supported SKUs (stock-selling units) of Windows Server, according to Matt Suiche, founder of the security firm Comae Technologies, who named Windows 2003 specifically.

Due to the detailed description of service bureau infrastructure in the Shadow Brokers documents, Suiche believes the leak could be harmful to the SWIFT network.

The documents appear to indicate NSA efforts to directly monitor SWIFT providers' activities in order to detect funds transfers by militant or criminal groups, according to security researcher Matt Suiche.

Matt Suiche, founder of cybersecurity firm Comae Technologies, wrote in a blog post that screen shots indicated some SWIFT affiliates were using Windows servers that were vulnerable at the time, in 2013, to the Microsoft exploits published by the Shadow Brokers.

"This is by far the most brutal dump," said Comae Technologies founder Matt Suiche, who has closely followed the group's disclosures and initially helped confirm its connection to the NSA last year.

Matt Suiche, founder of cybersecurity firm Comae Technologies, wrote in a blog post that screen shots indicated some SWIFT affiliates were using Windows servers that were vulnerable at the time, in 2013, to the Microsoft exploits published by the Shadow Brokers. He said he concluded that the NSA took advantage and got in that way.

"If you hack the service bureau, it means that you also have access to all of their clients, all of the banks," said Matt Suiche, founder of the United Arab Emirates-based cybersecurity firm Comae Technologies, speaking to Reuters.

"If you hack the service bureau, it means that you also have access to all of their clients, all of the banks," said Matt Suiche, founder of the United Arab Emirates-based cybersecurity firm Comae Technologies, who has studied the Shadow Broker releases and believes the group has access to NSA files.

"As soon as they bypass the firewalls, they target the machines using Microsoft exploits," Suiche told Reuters. "We now have all of the tools the NSA used to compromise SWIFT (via) Cisco firewalls, Windows," he added

Matt Suiche, founder of cybersecurity firm Comae Technologies, wrote in a blog post that screen shots indicated some SWIFT affiliates were using Windows servers that were vulnerable at the time, in 2013, to the Microsoft exploits published by the Shadow Brokers. He said he concluded that the NSA took advantage and got in that way.

If the files are real, the exposed information represents a threat to the SWIFT network, said Matt Suiche, founder of security firm Comae Technologies, who has been looking over the leaked files.

Snowden mentioned that Microsoft "needs to take real action" in response to the leak, to which computer security researcher Matt Suiche, founder of UAE-based Comae Technologies, suggested that Microsoft may have been tipped off by "someone."

Founder of Comae technologies, Mr. Matt Suiche, told media: "If you hack the service bureau, it means that you also have access to all of their clients, all of the banks,"

Matt Suiche, founder of the cybersecurity firm Comae Technologies, notes that one particular SWIFT bureau was targeted

The swift folder contains PowerPoint slides suggesting that the Middle East network used by the Society for Worldwide Interbank Financial Telecommunication (SWIFT) for financial transactions was targeted by the NSA, according to a blog post by Microsoft Most Valuable Professional Matt Suiche.

IP addresses listed alongside the institutions do not correspond to machines at the institutions, according to security researcher Matt Suiche.

"It shows that they have a lot more than what we originally thought," said security researcher Matt Suiche, "the Shadow Brokers previously claimed this all came from a compromised NSA attack/staging server … you wouldn't host presentation slid"

"In this case, if Shadow Brokers claims are indeed verified, it seems that the NSA sought to totally capture the backbone of international financial system to have a God's eye into a SWIFT Service Bureau ' and potentially the entire SWIFT network," said researcher Matt Suiche in a blog posted today explaining his analysis of the data dump.

Matt Suiche, Microsoft MVP and founder of Comae Technologies, based in the United Arab Emirates, wrote on Medium this release details evidence "of the largest infection of a SWIFT Service Bureau to date."

"This is the equivalent of hacking all the banks in the region without having to hack them individually," says Suiche, founder of UAE-based incident response and forensics startup Comae Technologies. "You have access to all their transactions."

"This would make a lot of sense that the NSA compromise this specific SWIFT Service Bureau for Anti-money laundering (AML) reasons in order to retrieve ties with terrorists groups," Suiche wrote.

Computer security researcher Matt Suiche, founder of UAE-based Comae Technologies, who helped confirm that prior NSA leaks from the Shadow Brokers are real, has been updating a blog post on Friday's document dump. "This is by far, the most interesting release from Shadow Brokers as it does not only contain tools," he wrote.

Comae Technologies founder Matt Suiche, who has closely followed the disclosures, said the latest release was unusual because it explicitly identified alleged NSA targets.

That may be true as far as Microsoft products still under support, noted hacker Matt Suiche noted in a blog post. But some of the exploits target Windows XP, which has been out of support since 2014, and Windows Vista, which went out of support on April 11.

Reuters reports that SWIFT also claims there's no evidence its network has been accessed. Meanwhile, Matt Suiche looked through the documents and writes about what they show,

"This is the equivalent of hacking all the banks in the region without having to hack them individually, Matt Suiche, founder of UAE-based incident response and forensics startup Comae Technologies, told Wired. "You have access to all their transactions."

If the files are real, the exposed information represents a threat to the SWIFT network, said Matt Suiche, founder of security firm Comae Technologies, who has been looking over the leaked files.

"This is the equivalent of hacking all the banks in the region without having to hack them individually," says Suiche, founder of UAE-based incident response and forensics startup Comae Technologies.

"If you hack the service bureau, it means that you also have access to all of their clients, all of the banks," said Matt Suiche, founder of the United Arab Emirates-based cybersecurity firm Comae Technologies, who has studied the Shadow Broker releases and believes the group has access to NSA files.

"This is by far the most brutal dump," said Comae Technologies founder Matt Suiche, who has closely followed the group's disclosures and initially helped confirm its connection to the NSA last year.

Matt Suiche, Microsoft MVP and founder of Comae Technologies, based in the United Arab Emirates, wrote on Medium this release details evidence "of the largest infection of a SWIFT Service Bureau to date."

Matt Suiche, founder of Comae Technologies FZE, a company that investigates computer intrusions, said the documents include Excel files supposedly containing employee login credentials as well as information allegedly about customers, and that the Windows attack tools appear to work as indicated.

Friday's dump also contains code for hacking into banks, particularly those in the Middle East. According to this analysis by Matt Suiche, a researcher and founder of Comae Technologies, Jeepflea_Market is the code name for a 2013 missio

Außerdem wussten die Hacker anscheinend Bescheid, wie die interne Infrastruktur dieses Anbieters beschaffen war, wie der IT-Sicherheitsforscher Matt Suiche in einem Blogpost schreibt. Über eigens geschriebene Programme konnten die Hacker gezielt nach Swift-Zahlungen suchen. Alles in allem hätten die Angreifer "volle Kontrolle", oder, wie Suiche auf Nachfrage sagt: God's eye; das Auge Gottes, das alles sieht.

"A SWIFT Service Bureau is the kind of the equivalent of the Cloud for Banks when it comes to their SWIFT transactions and messages; the banks' transactions are hosted and managed by the SWIFT Service Bureau via an Oracle Database and the SWIFT Softwares," security researcher Matt Suiche explains in a blog post.

"This is by far, the most interesting release from Shadow Brokers as it does not only contains tools," researcher Matt Suiche, founder of UAE-based cyber security firm Comae and the Dubai cybersecurity conference OPCDE, wrote in a Medium post.

"Attackers always look for the weakest link of the chain," said Matt Suiche, founder of United Arab Emirates-based cyber-security startup Comae Technologies. "Third party platforms are perfect targets. It makes lots of sense."

The data confirm the CIA maintains “an extensive database of cyberweapons,” said Matt Suiche, a well-known hacker who founded cybersecurity start-up Comae Technologies. “It also shows they are buying from third parties, and that they are closely following every advancement” in cybersecurity.

A tool called TinyShell appears to allow the CIA hackers full remote control of an infected television, including the ability to run code and offload files, says Matt Suiche, a security researcher and founder of the UAE-based security firm Comae Technologies. "I would assume that, by now, they would definitely have exploits for Samsung TVs," Suiche says. "This shows that they’re interested. If you’re doing the research, you’re going to find vulnerabilities." Samsung did not respond to WIRED’s request for comment.

"It looks like Google researchers were well aware of Sofacy before it was publicly disclosed," Matt Suiche, security researcher and the founder of Comae Technologies told Motherboard, after reviewing the report. "And also attributed Sofacy and X-Agent to Russia before it was publicly done by FireEye, ESET or CrowdStrike."

«По всей видимости, исследователям Google было хорошо известно о Sofacy до того, как информация стала публичной, - отметил специалист Comae Technologies Мэтт Суиче (Matt Suiche) в интервью Motherboard. - Они также приписали Sofacy и X-Agent России до того, как это сделали FireEye, ESET или CrowdStrike».

"It looks like Google researchers were well aware of Sofacy before it was publicly disclosed," Matt Suiche, a security researcher and the founder of Comae Technologies and the OPCDE conference, told Motherboard in an online chat after reviewing the report.

"This dump contains Windows Implants and not Unix tools, reinforcing the insider theory. And the outdated Windows target of those implants reinforce the opinion that Shadow Brokers only has old dirt," said Matt Suiche, founder of United Arab Emirates-based cybersecurity startup Comae Technologies. "There is no reason to have all the tools of every platforms etc. on a staged server."

Comae Technologies, which wants to use artificial intelligence to solve crimes. After team members worked in Dubai, 14 of the startups are relocated to the city, according to the Foundation.

A UAE-based security startup Comae’s researcher Matt Suiche discovered while inspecting the links that around 331 IP addresses were compromised through the spy tools pair known as Intonation and PitchImpair. According to Suiche, currently there is not a great deal of information available but most of the folders contain some configuration variables and metadata but there isn’t any "source code this time."

One example of the successful entries is Comae Technologies, a UAE-based Cyber Security start up specialized on memory forensics for both digital forensics and incident response to cyber incidents purposes. According to US tech giant and cybersecurity specialists Symantec, the number of zero-day vulnerabilities (a hole in software that is unknown to the vendor) discovered in 2015 more than doubled to 54 – a 125 percent increase from 2014. This makes start-ups such as Comae not only relevant but necessary for cities and governments in the 21st century.

After viewing the code, Green told The Intercept the MSGID string’s occurrence in both an NSA training document and this week’s leak is “unlikely to be a coincidence.” Computer security researcher Matt Suiche, founder of UAE-based cybersecurity startup Comae Technologies, who has been particularly vocal in his analysis of the ShadowBrokers this week, told The Intercept “there is no way” the MSGID string’s appearance in both places is a coincidence.

“An insider could have stolen them directly from the NSA, in a similar fashion to how [Snowden] stole an untold number of the spy agency’s top secret documents. And this theory is being pushed by someone who claims to be, himself, a former NSA insider.” Security researcher and hacker Matt Suiche also explored the same theory with another anonymous ex-NSA analyst.

His remarks about looking at the files are interesting, especially in light of a post on Medium by Matt Suiche, the founder of Comae Technologies. He claimed that he was contacted by a former NSA analyst who offered a somewhat-redacted image of an award citation received while working inside the agency for the US Army to prove his bona fides.

However, Matt Suiche, the CEO of a Dubai-based cybersecurity company, wrote that the problem with this theory is that the NSA exposed the hacking tools on a server. “Making a mistake is not impossible,” for the Tailored Access Operation (TAO) – the NSA’s hacking team, Suiche noted.

هذا وقد أكد العديد من الخبراء في مجال الأمن المعلوماتي وعلى رأسهم مؤسس شركة “Comae Technologies” لحماية الإنترنت مات سويتش أن رمز الحاسوب المسرب يشير أنه من أدوات “NSA“.

“The (Tailored Access Operations) Team had severe concerns about how easy it was to just walk out with the data on a USB drive,” Matt Suiche, a French hacker, wrote Wednesday in a blog posting.

Comae Technologies founder Matt Suiche said the theory of a disgruntled insider couldn't be ruled out. In a blog post , Suiche said he'd been contacted by a former NSA analyst who pointed out that the tools leaked online normally resided on a segregated network and that the way they were named suggests the data was copied direct from the source. Suiche cautioned it was just a theory.

Matt Suiche, a security researcher who analyzed the code that has been publicly released by the Shadow Brokers, tells NPR's Aarti Shahani that it does appear to be a compilation of tools used by the NSA.

Matt Suiche, the CEO of UAE-based cybersecurity company Comae, who's been following the leak since the beginning, is skeptical.

“Given the timeframe (Post-DNC hack), this could possibly be orchestrated by the Russian government so America will be stuck with Donald Trump as a President,” said Matt Suiche in a Medium post.

Matt Suiche, the founder of United Arab Emirates-based cybersecurity startup Comae Technologies, said he and others looking through the data were convinced it came from the NSA. "There's zero debate so far," he said in a telephone interview.

Although the alleged breach could just be an extravagant hoax, experts who reviewed a preliminary data dump teased alongside the hackers' garbled sales pitch said that the files, amazingly, looked authentic. "This appears to be legitimate code," Matt Suiche, a French cybersecurity entrepreneur, wrote in a Medium blog post, echoing what others had posted on Twitter (TWTR).

One of those researchers was Matt Suiche, the CEO of UAE-based cybersecurity company Comae. In his analysis, he used the Github API to find an email address linked to one of the accounts that published the data. If law enforcement were to dig into this case, then that email account is likely of interest to investigators: perhaps they could find out more about the user's identity, or their location.

"The data appears to be relatively old; some of the programs have already been known for years," and are unlikely "to cause any significant operational damage," researcher Claudio Guarnieri told Reuters. Meanwhile, Matt Suiche, founder of UAE-based security startup Comae Technologies, concluded the tools looked like they "could be used."

"The code in the dump seems legitimate, especially the Cisco exploits ... and those exploits were not public before," Matt Suiche, founder of UAE-based cybersecurity start-up Comae Technologies, told Forbes. "The content seems legit." Suiche, who detailed the products affected in a post on Medium, also said that the connection to the Equation Group, however, could have been faked.

Among the sample files released by the group are exploits that target equipment sold by companies including Cisco, Juniper, Fortigate and Topsec, a Chinese network security firm, according to Matt Suiche, founder of UAE-based incident response and forensics startup Comae Technologies.

“The code in the dump seems legitimate, especially the Cisco exploits (Most of the dump contains Firewall exploits), and those exploits were not public before,” said Matt Suiche, via electronic chat. Suiche is the founder of United Arab Emirates-based cybersecurity start-up Comae Technologies and has been actively analyzing the source code portions released as proof.

The exploits specifically target firewall technology from Cisco, Juniper, Fortinet, and Chinese provider Topsec, said Matt Suiche, CEO of cyber security startup Comae Technologies, in a blog post.

"I haven't tested the exploits, but they definitely look like legitimate exploits," Matt Suiche, founder of UAE-based cyber security firm Comae Technologies, told the Daily Dot.

Still, they appeared to be genuine tools that might work if flaws have not been addressed. After examining the code released Monday, Matt Suiche, founder of UAE-based security startup Comae Technologies, concluded they looked like "could be used."

The exploits specifically target firewall technology from Cisco, Juniper, Fortinet and Chinese provider Topsec, said Matt Suiche, CEO of cybersecurity startup Comae Technologies, in a blog post.

Matt Suiche, CEO of cybersecurity startup Comae Technologies, has also been looking through the sample files since their publication. "I haven't tested the exploits but they def look like legitimate exploits, using third party libraries like scapy etc - at least for the Cisco ASA we can also see several shellcodes," he said.

"I haven't tested the exploits, but they definitely look like legitimate exploits," Matt Suiche, founder of UAE-based cybersecurity startup Comae Technologies, told the Daily Dot.

Samples of the stolen files are dated most recently to 2013 and contain implants, exploits, and other tools for controlling routers and firewalls, including those from Cisco Systems, Juniper, Fortigate, and China-based Topsec, according to this analysis from Matt Suiche, cofounder and CEO of security firm Comae Technologies.

"The code in the dump seems legitimate, especially the Cisco exploits ... and those exploits were not public before," said Matt Suiche, founder of UAE based cybersecurity start-up Comae Technologies. "The content seems legit."

“The more we look at it…it looks more and more like a tool kit from the NSA,” said Matt Suiche, the founder of Comae Technologies FZE, a computer-security startup based in the United Arab Emirates.

"It definitely looks like a toolkit used by the NSA," said Matt Suiche, a French computer researcher who has been reviewing the leaked code.