Edward Snowden: Russia probably behind NSA leak

By Kevin Rawlinson
BBC News

image copyrightGetty Images
image captionEdward Snowden said he believed Russia to be behind the leak

The whistleblower Edward Snowden believes Russia is behind a leak of malware allegedly belonging to the US National Security Agency (NSA).

Hackers calling themselves Shadow Brokers started an auction for the malware last week.

The security firm Kaspersky said it believed the original files were from Equation Group, which is thought to be linked to the NSA.

A former NSA worker Dave Aitel pointed the finger at Russian involvement.

He said it was likely to be a diplomatic strategy, related to the blame being placed on Russia for a recently revealed hack of computers belonging to the Democratic party in the US.

Mr Snowden tweeted on Tuesday: "This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server."


Kaspersky has released analysis that led it to believe "with a high degree of confidence that the tools from the Shadow Brokers leak are related to the malware from the Equation group".

It said that elements of a sample released by the hackers for verification displayed characteristics thought to be unique to Equation.

Equation is reported to have links to the NSA.

Shadow Brokers are holding a Bitcoin auction for the key to the remainder of the data, which it says is encrypted.

The whistleblowing website Wikileaks has also claimed to be in possession of the data and will release it in "due course".

However, the hackers themselves have raised the suggestion that they may not be true to their word.

In an FAQ, under a heading asking why they are to be trusted, the hackers wrote: "No trust, risk. You like reward, you take risk, maybe win, maybe not, no guarantees."

'Covert response'

In a blogpost, Mr Aitel listed the reasons he said made it "almost certain" that the malware leak was related to the hacks perpetrated on the US Democratic party that resulted in the resignation of some of the party's senior leadership figures.

Among them, he included the timing of the auction, which comes about three years after experts believe the information was stolen.

"High level US political officials seemed quite upset about the DNC hacks, which no doubt resulted in a covert response, which this is then likely a counter-response to," he said.

In a post written on Tuesday, he added that the "ability to keep something this big quiet" for that length of time was "probably limited to only those with operational security expertise or desire to leverage those bugs for themselves".


Mr Snowden said the "hack of an NSA malware staging server is not unprecedented, but the publication of the take is".

He explained that it was common for security services to attempt to target each other's hacking tools in an effort to "create 'fingerprints' to help us detect them in the future".

He wrote: "Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack."

Suggesting that the leak was likely to be a warning, Mr Snowden added: "That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies… particularly if any of those operations targeted elections."

"Accordingly, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks."

And he added: "This leak looks like a somebody sending a message that an escalation in the attribution game could get messy fast."

More on this story