V3.co.uk

Snowden points finger at Russia over NSA hack

Tweets offer possible cause for major hack

Edward Snowden NSA Prism whistleblower
Snowden thinks Russia is behind NSA hack
0 Comments

The auction of hacking tools reportedly stolen from a server belonging to Equation Group, a hacking outfit linked with the US National Security Agency (NSA), is a coded message to the US authorities, according to NSA whistleblower Edward Snowden.

He believes that the attack was genuine and that the group does have tools used by the NSA up until June 2013 when Snowden went public. However, Snowden suggested that the auction is not intended as a shakedown of the rich and gullible, but to send a message to the NSA to back off.

Snowden described in a series of tweets how online hacking by intelligence services works. "The hack of an NSA malware staging server is not unprecedented, but the publication of the take is," he tweeted.

"NSA traces and targets malware C2 servers in a practice called Counter Computer Network Exploitation, or CCNE. So do our rivals. NSA is often lurking undetected for years on the C2 and ORBs (proxy hops) of state hackers. This is how we follow their operations.

"This is how we steal their rivals' hacking tools and reverse-engineer them to create 'fingerprints' to help us detect them in the future.

"Here's where it gets interesting: the NSA is not made of magic. Our rivals do the same thing to us - and occasionally succeed. Knowing this, NSA's hackers (TAO) are told not to leave their hack tools ('binaries') on the server after an op. But people get lazy.

"What's new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is. Why did they do it? No-one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack."

Snowden suggested that the security services of his current hosts, Russia, are behind it.

"That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies [and] particularly if any of those operations targeted elections. Accordingly, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks," he said.

"TL;DR: this leak looks like somebody sending a message that an escalation in the attribution game could get messy fast.

"Bonus: when I came forward, NSA would have migrated offensive operations to new servers as a precaution - it's cheap and easy. So? So the undetected hacker squatting on this NSA server lost access in June 2013. Rare public data point on the positive results of the leak."

He signed off on the series of tweets: "You're welcome, @NSAGov. Lots of love."

V3 Latest