‘You’re welcome’: Snowden casts light on NSA hack

NewImage

The files released by a hacker group that claims to have breached the NSA are authentic, whistleblower Edward Snowden has said, explaining the documents’ importance and potential impact on the US elections and relations with allies around the world.

The files released by a hacker group that claims to have breached the NSA are authentic, whistleblower Edward Snowden has said, explaining the documents’ importance and potential impact on the US elections and relations with allies around the world. 

Over the weekend, a mysterious group called Shadow Brokers posted “samples” of files purloined from the Equation Group – widely believed to be a front for the National Security Agency – and said it would sell the rest in exchange for bitcoin. The NSA has yet to comment on the authenticity of the files.

Snowden, who blew the whistle on NSA surveillance operations in 2013, posted a series of tweets on Tuesday with his take on the hack.

“NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is,” the whistleblower wrote, adding, “I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack.”

A hacker calling himself Guccifer 2.0 has claimed to have breached the computers of the Democratic National Committee, releasing the first batch of documents on his blog in June. Just ahead of the party’s convention in July, WikiLeaks published even more files, which Guccifer 2.0 says he provided. Last week, the hacker published phone numbers, emails and passwords of congressional Democrats as well. The DNC has blamed the Russian government for the hack, though.

Noting that “circumstantial evidence and conventional wisdom” have placed the blame for the hack on Russia, Snowden speculated that the Equation Group hack is “likely a warning that someone can prove US responsibility for any attacks that originated from this malware server.”

If the hacked files can prove that Washington has been hacking its allies, or even interfering in their elections, revealing that could have “significant foreign policy consequences,” Snowden noted. “This leak looks like a somebody sending a message that an escalation in the attribution game could get messy fast,” the whistleblower concluded.

However, it is possible the files may be made public anyway, as WikiLeaks announced Monday it had “already obtained the archive of NSA cyber weapons” and intends to “release our own pristine copy in due course.”

WikiLeaks and Snowden publicly clashed last month over the issue of redacting private data that could hurt innocents if released. While Snowden’s leaks have been painstakingly scrubbed of such information, WikiLeaks has made it clear that it does not believe in editing the data in any way, and intends to publish it raw.

As a postscript to his explanation, Snowden noted that the hackers lost access to the server in June 2013 – just as he came forward with his revelations, prompting the NSA to move its cyberattack software to new servers – signing off with, “You’re welcome, NSA. Lots of love.”


Snowden on NSA hack

Curated Tweets by ‎@RT_America

  1.  

    The hack of an NSA malware staging server is not unprecedented, but the publication of the take is. Here’s what you need to know: (1/x)

    •  

  2.  

    1) NSA traces and targets malware C2 servers in a practice called Counter Computer Network Exploitation, or CCNE. So do our rivals.

    •  

  3.  

    2) NSA is often lurking undetected for years on the C2 and ORBs (proxy hops) of state hackers. This is how we follow their operations.

    •  

  4.  

    3) This is how we steal their rivals’ hacking tools and reverse-engineer them to create “fingerprints” to help us detect them in the future.

    •  

  5.  

    4) Here’s where it gets interesting: the NSA is not made of magic. Our rivals do the same thing to us — and occasionally succeed.

    •  

  6.  

    5) Knowing this, NSA’s hackers (TAO) are told not to leave their hack tools (“binaries”) on the server after an op. But people get lazy.

    •  

  7.  

    6) What’s new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is.

    •  

  8.  

    7) Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack.

    •  

  9.  

    8) Circumstantial evidence and conventional wisdom indicates Russian responsibility. Here’s why that is significant:

    •  

  10.  

    9) This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server.

    •  

  11.  

    10) That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies.

    •  

  12.  

    11) Particularly if any of those operations targeted elections.

    •  

  13.  

    12) Accordingly, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks.

    •  

  14.  

    13) TL;DR: This leak looks like a somebody sending a message that an escalation in the attribution game could get messy fast.

    •  

  15.  

    Bonus: When I came forward, NSA would have migrated offensive operations to new servers as a precaution – it’s cheap and easy. So? So…

    •  

  16.  

    The undetected hacker squatting on this NSA server lost access in June 2013. Rare public data point on the positive results of the leak.

    •  

  17.  

    You’re welcome, @NSAGov. Lots of love.

    •  

There are no more Tweets in this timeline.


Via RT