Snowden Blames Russia for NSA Hack
Ashley Allen / 5 years ago
Shock news broke last night that the US National Security Agency (NSA) was hacked, and that the group responsible was selling the US-funded malware that it stole for one million Bitcoins. According to Edward Snowden, who has quite the famous history with the NSA, the group, who call themselves The Shadow Brokers, are likely operating on behalf of Russia.
In a series of Tweets, Snowden outlined why he considered Russia to be the perpetrator of the hack, and how the Russian state would benefit from the NSA’s stolen hacking tools being made public. According to Snowden, Russia is sending a warning shot to the US over the dangers of attributing cyberattacks. In other words, Russia is telling the US, ‘people in glass houses shouldn’t throw stones’.
“The hack of an NSA malware staging server is not unprecedented, but the publication of the take is. Here’s what you need to know,” Snowden tweeted. “NSA traces and targets malware C2 servers in a practice called Counter Computer Network Exploitation, or CCNE. So do our rivals.”
The hack of an NSA malware staging server is not unprecedented, but the publication of the take is. Here's what you need to know: (1/x)
— Edward Snowden (@Snowden) August 16, 2016
Snowden went on to explain:
“NSA is often lurking undetected for years on the C2 and ORBs (proxy hops) of state hackers. This is how we follow their operations. This is how we steal their rivals’ hacking tools and reverse-engineer them to create “fingerprints” to help us detect them in the future.
Here’s where it gets interesting: the NSA is not made of magic. Our rivals do the same thing to us — and occasionally succeed. Knowing this, NSA’s hackers (TAO) are told not to leave their hack tools (“binaries”) on the server after an op. But people get lazy.
What’s new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is. Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack.
Circumstantial evidence and conventional wisdom indicates Russian responsibility. Here’s why that is significant: This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server.
That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies. Particularly if any of those operations targeted elections. Accordingly, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks.”
In summary, Snowden concluded:
“TL;DR: This leak looks like a somebody sending a message that an escalation in the attribution game could get messy fast.”