+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

EDWARD SNOWDEN: Russia might have leaked alleged NSA cyberweapons as a 'warning'

Aug 16, 2016, 19:53 IST

In this handout photo provided by The Guardian, Edward Snowden speaks during an interview in Hong Kong. Snowden, a 29-year-old former technical assistant for the CIA, revealed details of top-secret surveillance conducted by the United States' National Security Agency regarding telecom data.The Guardian via Getty Images

Edward Snowden has weighed in on the alleged hack of an NSA-linked elite hacking group, suggesting it may just be a "warning" in a broader geopolitical struggle between the US and Russia.

Advertisement

On Monday, news broke that a group calling themselves "Shadow Brokers" is claiming to have hacked Equation Group, a world-class cyber-attack group believed to be part of US spy agency NSA (National Security Agency).

As nominal "proof," Shadow Brokers has released a selection of files - including alleged exploits and scripts - that it claims were stolen from Equation Group, and says it is auctioning off more.

Cybersecurity experts are assessing the unidentified group's claims, with some tentatively suggesting it could be legitimate (albeit dating back from 2013). But an equally important question being asked is: Just who is Shadow Brokers anyway?

The answer that many are considering: The Russian intelligence services.

Advertisement

Russia has previously been accused by security experts of hacking into the Democratic National Party (DNC) and leaking confidential internal documents; this may be the latest salvo in an ongoing dispute between the United States and Russia as the US considers whether to publicly blame Russia for the DNC hack.

Edward Snowden, who worked as an NSA contractor before fleeing into exile and leaking details of the United States' surveillance apparatus to journalists, explored this possibility in a stream of tweets on Tuesday.

Sergei Karpukhin / Reuters

First, he reaffirmed what other experts have been saying - that if the hack is legitimate, the NSA itself wasn't hacked, but rather a particular server used by Equation Group for an operation was. This kind of successful attack on an NSA server isn't unheard of, Snowden says. "A rival publicly demonstrating they have done so is."

"Why did they do it?" the outspoken privacy advocate asks. "No one knows, but I suspect this is more diplomacy than intelligence, related to escalation around the DNC hack ... This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server [that the hacked files originated on]. That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies."

In other words, Snowden thinks Russia is sending a warning that if the US decides to publicly blame it for the DNC, it will retaliate by leaking potentially damaging information about US cyber-intelligence operations to the world.

Advertisement

Here's what Edward Snowden tweeted, in full:

The hack of an NSA malware staging server is not unprecedented, but the publication of the take is. Here's what you need to know: (1/x)

1) NSA traces and targets malware C2 servers in a practice called Counter Computer Network Exploitation, or CCNE. So do our rivals.

2) NSA is often lurking undetected for years on the C2 and ORBs (proxy hops) of state hackers. This is how we follow their operations.

3) This is how we steal their rivals' hacking tools and reverse-engineer them to create "fingerprints" to help us detect them in the future.

4) Here's where it gets interesting: the NSA is not made of magic. Our rivals do the same thing to us -- and occasionally succeed.

Advertisement

5) Knowing this, NSA's hackers (TAO) are told not to leave their hack tools ("binaries") on the server after an op. But people get lazy.

6) What's new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is.

7) Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack.

8) Circumstantial evidence and conventional wisdom indicates Russian responsibility. Here's why that is significant:

9) This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server.

Advertisement

10) That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies.

11) Particularly if any of those operations targeted elections.

12) Accordingly, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks.

13) TL;DR: This leak looks like a somebody sending a message that an escalation in the attribution game could get messy fast.

Bonus: When I came forward, NSA would have migrated offensive operations to new servers as a precaution - it's cheap and easy. So? So...

Advertisement

The undetected hacker squatting on this NSA server lost access in June 2013. Rare public data point on the positive results of the leak.

You're welcome, @NSAGov. Lots of love.

NOW WATCH: This monster truck paves its own road anywhere

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article