PARIS — The exposure of malicious software purportedly linked to the National Security Agency is likely a message from Moscow, former intelligence worker Edward Snowden said Tuesday, adding a layer of intrigue to a leak that has set the information security world abuzz.
Technical experts have spent the past day or so picking apart a suite of tools allegedly stolen from the Equation Group, a powerful squad of hackers which some have tied to the NSA. The tools materialized as part of an internet electronic auction set up by a group calling itself “Shadow Brokers,” which has promised to leak more data to whoever puts in a winning bid.
In a series of messages posted to Twitter, Snowden suggested the leak was the fruit of a Russian attack on an NSA-controlled server and could be aimed at heading off U.S. retaliation over allegations that the Kremlin is interfering in the U.S. electoral process.
13) TL;DR: This leak looks like a somebody sending a message that an escalation in the attribution game could get messy fast.
— Edward Snowden (@Snowden) August 16, 2016
“Circumstantial evidence and conventional wisdom indicates Russian responsibility,” Snowden said. “This leak is likely a warning that someone can prove U.S. responsibility for any attacks that originated from this malware server. That could have significant foreign policy consequences. Particularly if any of those operations targeted U.S. allies. Particularly if any of those operations targeted elections.”
Snowden didn’t return messages seeking additional comment. The NSA didn’t return emails seeking comment on his claim. Messages sent to an address registered by the Shadow Brokers were also not returned.
Allegations of Russian subversion have been hotly debated following the hack of the Democratic National Committee, an operation which Democratic politicians, security companies and several outside experts have blamed on the Kremlin. Russian officials have dismissed the claims as paranoid or ridiculous, so the message delivered by Snowden — who resides at an undisclosed location in Moscow under the protection of the Russian government — struck many as significant.
Academic Thomas Rid, whose book “Rise of the Machines” traces the earliest known Kremlin-linked computer hacking campaign in the U.S., said Snowden’s declaration would likely be interpreted as “shrewd messaging” from Russian intelligence.
Matt Suiche, the founder of United Arab Emirates-based cybersecurity startup Comae Technologies, said he and others looking through the data were convinced it came from the NSA.
“There’s zero debate so far,” he said in a telephone interview.
Story: Raphael Satter