On Monday 15 August, a previously unknown group of hackers called The Shadow Brokers launched an auction for what they claimed was source code from the NSA-associated Equation Group. A sample of what was claimed to be Equation Group hacking tools was also released on GitHub, and a manifesto was posted on Pastebin.
The Equation Group – so named by researchers from Kaspersky Lab – authors highly sophisticated malware that has been linked to known NSA operations on the basis of technical similarities and codenames that have also been found in the Snowden archive.
Similarly, names of tools in the files that have just been disclosed appear to tally with the ANT Product Catalog published by Der Spiegel in December 2013.
The provenance of the files, and why they have been released now, is disputed. Edward Snowden gave his take on the situation today:
The hack of an NSA malware staging server is not unprecedented, but the publication of the take is. Here's what you need to know: (1/x)
— Edward Snowden (@Snowden) August 16, 2016
2) NSA is often lurking undetected for years on the C2 and ORBs (proxy hops) of state hackers. This is how we follow their operations.
— Edward Snowden (@Snowden) August 16, 2016
4) Here's where it gets interesting: the NSA is not made of magic. Our rivals do the same thing to us — and occasionally succeed.
— Edward Snowden (@Snowden) August 16, 2016
6) What's new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is.
— Edward Snowden (@Snowden) August 16, 2016
8) Circumstantial evidence and conventional wisdom indicates Russian responsibility. Here's why that is significant:
— Edward Snowden (@Snowden) August 16, 2016
10) That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies.
— Edward Snowden (@Snowden) August 16, 2016
12) Accordingly, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks.
— Edward Snowden (@Snowden) August 16, 2016
Bonus: When I came forward, NSA would have migrated offensive operations to new servers as a precaution – it's cheap and easy. So? So…
— Edward Snowden (@Snowden) August 16, 2016
You're welcome, @NSAGov. Lots of love.
— Edward Snowden (@Snowden) August 16, 2016