National Security Agency leaker Edward Snowden says the exposure of malicious software allegedly linked to his former employer may be a message from Moscow, adding a layer of intrigue to a leak that has set the information security world abuzz.
Technical experts have spent the past day or so picking apart a suite of tools purported to have been stolen from the Equation Group, a powerful squad of hackers which some have tied to the NSA. The tools materialized as part of an unusual electronic auction set up by a group calling itself “Shadow Brokers,” which has promised to leak more data to whoever puts in a winning bid.
In a series of messages posted to Twitter, Snowden suggested the leak was the fruit of a Russian attack on an NSA malware server and could be aimed at heading off U.S. retaliation over allegations that the Kremlin was trying interfere in America’s electoral process.
“Circumstantial evidence and conventional wisdom indicates Russian responsibility,” Snowden said. “This leak is likely a warning that someone can prove U.S. responsibility for any attacks that originated from this malware server. That could have significant foreign policy consequences. Particularly if any of those operations targeted U.S. allies. Particularly if any of those operations targeted elections.”
Snowden did not immediately return messages seeking additional comment. The NSA did not immediately return emails seeking comment on his claim. Messages sent to an address registered by the Shadow Brokers were not returned.
The Equation Group was exposed last year by antivirus firm Kaspersky Lab, which described it at the time as a “God of cyberespionage.” Many have since speculated that the NSA is behind the group, although attribution in the field of cyberespionage is a notoriously tricky issue.