Exiled American whistleblower Edward Snowden recently shared his belief that Russia is responsible for leaking malware that allegedly belonged to the United States National Security Agency.
The hackers responsible for the breach called themselves the Shadow Brokers and started auctioning off the malicious software last week after obtaining it.
Security firm Kaspersky has said in a statement that it believes the original files to have come from Equation Group, a group widely assumed to be linked directly to the NSA.
Former NSA employee Dave Aitel also shared suspicions that Russia may have been involved. According to Aitel, the breach was likely all part of a diplomatic strategy that ties into Russia being widely blamed for the hack of servers belonging to the United States’ Democratic party earlier this summer.
Yesterday, Snowden tweeted that “This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server.”
Kaspersky released its findings, which led the company to think “with a high degree of confidence that the tools from the Shadow Brokers leak are related to the malware from the Equation group.”
The hackers released a sample of the malware they stole as a way to verify that their stolen software did indeed share characteristics thought to be unique to the Equation Group. The remainder of the data is still encrypted and can only be decrypted with a key given to the highest bidder in the Shadow Brokers’ bitcoin auction.
Ex-NSA employee Aitel listed a variety of reasons why the malware leak was likely to be related to the hacks carried out on the US Democratic party, a leak which resulted in the resignation of the party’s chairwoman. One of the reasons is the auction’s timing; it is occurring around three years after experts believe that the software was originally stolen.
“High level US political officials seemed quite upset about the DNC hacks, which no doubt resulted in a covert response, which this is then likely a counter-response to,” Aitel explained. He added that the “ability to keep something this big quiet” for this length of time was “probably limited to only those with operational security expertise or desire to leverage those bugs for themselves.”
Snowden tweeted that the “hack of an NSA malware staging server is not unprecedented, but the publication of the take is.” He went on to explain that security services often tried to target each other’s hacking tools so that they could “create ‘fingerprints’ to help us detect them in the future.”
“Why do they do it? No one knows,” he continued, “but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack.”
Snowden too suggested that the leak was likely a warning, adding “That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies… particularly if any of those operations targeted elections.”
“Accordingly,” he continued, “this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks.”
“This leak looks like a somebody sending a message that an escalation in the attribution game could get messy fast,” he concluded.