On Monday, a hacking group calling itself the “ShadowBrokers” announced an auction for what it claimed were “cyber weapons” made by the NSA. Based on never-before-published documents provided by the whistleblower Edward Snowden, The Intercept can confirm that the arsenal contains authentic NSA software, part of a powerful constellation of tools used to covertly infect computers worldwide.
The provenance of the code has been a matter of heated debate this week among cybersecurity experts, and while it remains unclear how the software leaked, one thing is now beyond speculation: The malware is covered with the NSA’s virtual fingerprints and clearly originates from the agency.
The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public. The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, “ace02468bdf13579.” That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE.
Many security analysts are now suggesting that this group must have hacked into the NSA in order to get their hands on these "cyber weapons." However, Snowden himself offers another explanation:
Snowden, who worked for NSA contractors Dell and Booz Allen Hamilton, has offered some context and a relatively mundane possible explanation for the leak: that the NSA headquarters was not hacked, but rather one of the computers the agency uses to plan and execute attacks was compromised. In a series of tweets, he pointed out that the NSA often lurks on systems that are supposed to be controlled by others, and it’s possible someone at the agency took control of a server and failed to clean up after themselves. A regime, hacker group, or intelligence agency could have seized the files and the opportunity to embarrass the agency.
Okay, maybe. But here's a third option.
First, has anybody else noticed that the number of hacks in America determined to have originated in Russia has gone up exponentially since Snowden landed there three years ago?
Remember that Snowden landed in Russia with tons of materials that he stole from the NSA.
And then there was this from July of 2013:
Edward Snowden has very sensitive “blueprints” detailing how the National Security Agency operates that would allow someone who read them to evade or even duplicate NSA surveillance, a journalist close to the intelligence leaker said Sunday.
Glenn Greenwald, a columnist with The Guardian newspaper who closely communicates with Snowden and first reported on his intelligence leaks, told The Associated Press that the former NSA systems analyst has “literally thousands of documents” that constitute “basically the instruction manual for how the NSA is built.”
“In order to take documents with him that proved that what he was saying was true he had to take ones that included very sensitive, detailed blueprints of how the NSA does what they do,” Greenwald said in Brazil, adding that the interview was taking place about four hours after his last interaction with Snowden.
So to prove that what he had was accurate, Snowden took the blueprints for how the NSA works into Russia with him.
At the time Snowden assured his critics that the information was safe in his hands:
The dramatic plot of the Edward Snowden NSA whistleblowing saga has just taken an interesting twist: in a letter to U.S. Senator Gordon Humphreys, Snowden declares himself impervious to torture.
Furthermore, he claims his encryption cannot be hacked.
From his letter, posted in the Guardian:
[N]o intelligence service — not even our own — has the capacity to compromise the secrets I continue to protect. While it has not been reported in the media, one of my specializations was to teach our people at DIA how to keep such information from being compromised even in the highest threat counter-intelligence environments (i.e. China).
You may rest easy knowing I cannot be coerced into revealing that information, even under torture.
So we are left to wonder whether this information was accessed by a group of Russian hackers who broke into NSA computers from the outside, was revealed through some sloppy work by a current NSA operative, or was simply carried into Russia by Edward Snowden, who then handed it over to Vladimir Putin for a roof over his head and protection from American prosecution.
Gee, I wonder which one sounds the most likely?