Snowden Claims Russia is Behind NSA Hack

Former NSA contractor Edward Snowden has claimed that the Kremlin is most likely behind the recent cyber-attack on what is thought to be an NSA C&C server, and is using the data as leverage against a possible retaliation for the state-sponsored campaign against the Democrat party.

The ‘group’ known as Shadow Brokers went public earlier this week with a treasure trove of “cyber weapons” it said belong to the Equation Group – outed last year by Kaspersky Lab as probably being backed by the NSA.

Now Snowden has taken to Twitter to reveal what he believes happened – namely that the state-backed Shadow Brokers accessed a “staging server” belonging to the NSA, where it found the binaries it is now trying to ‘sell’.

“NSA's hackers (TAO) are told not to leave their hack tools (‘binaries’) on the server after an op. But people get lazy,” he explained.

“What's new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is.”

Snowden claimed “circumstantial evidence and conventional wisdom” points to Moscow as the force behind the Shadow Brokers, and that the reason for this very public display is to warn off the NSA from any retaliatory efforts following what is widely believed to be a Russian state attack campaign designed to disrupt the coming US elections.

“This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server,” he tweeted.

“That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies. Particularly if any of those operations targeted elections.”

In short, the leak earlier this week is not an attempt by cyber-criminals to generate cash but a state-sponsored attack focused on sending a very public message that “an escalation in the attribution game could get messy fast” – should Washington be thinking that way.

Ironically, the server in question was actually cycled in 2013 after Snowden fled to Hong Kong en route to Moscow, thus cutting off the undetected Russian hackers who were inside and preventing even more secrets from spilling, Snowden claimed.

That would suggest that the Kremlin has been sitting on this information for some time, releasing it now for maximum diplomatic effect.
