17 Aug 2016
Yesterday we told you about a group of hackers calling themselves The Shadow Brokers auctioning off files they stole from a clandestine branch of the NSA called the Equation Group. The Equation Group was identified as part of the NSA thanks to files released by Edward Snowden, and now he’s speaking out about the hack.
According to Snowden in a series of Tweets, having a group of hackers infiltrate a NSA staging server isn’t an unprecedented occurrence, it’s the making a public showing of it that is.
The NSA has a practice called Counter Computer Network Exploitation where it traces and targets the servers that state hackers use to launch malware campaigns, as do other countries. Basically it’s how we steal our rival’s hacking tools in order to reverse engineer them so we can detect them being used against us in the future. NSA hackers are told not to leave their hacking tools on a server after an operation, because occasionally hackers do get in and the NSA doesn’t want their tools compromised. Unfortunately, sometimes people get lazy.
So why publicize it? In Snowden’s opinion and in light of the DNC hack, the reason may have more to do with diplomacy. The idea is that with all evidence pointing to Russia as responsible, publicizing the hack on the NSA is a warning that someone can prove any hack that originated from this particular NSA server. This could have significant foreign policy repercussions if it shows the NSA was behind hacks of US allies or targeted foreign elections.
While it’s impossible to know for sure, Snowden’s thinking is that whoever got into the NSA server is sending a message not to push too hard in retaliation for the DNC hack. He believes that they are saying that doing so will end up with fingers being pointing at the US spy agency as well.