Notorious NSA contractor-turned-privacy advocate Edward Snowden today took to Twitter to discuss the details of yesterday’s ‘Equation Group’ hack. The Equation Group — allegedly an offshoot of the NSA — saw its defenses penetrated by a group calling itself ‘The Shadow Brokers.’ Eventually this data began to make its way online.
The collected data is reported to be a cache of hacking tools, known as binaries. According to Snowden, these tools are uploaded onto an NSA staging server as part of ongoing operations to target and trace rival malware servers. The practice is known as Counter Computer Network Exploitation, or CCNE, a process that allows NSA hackers to steal tools used by foreign (or domestic rival) hackers in order to fingerprint them.
Once the tools are fingerprinted, we can identify those that were used in other attacks and begin to trace their origin.
3) This is how we steal their rivals' hacking tools and reverse-engineer them to create "fingerprints" to help us detect them in the future.
— Edward Snowden (@Snowden) August 16, 2016
After initializing the operation, NSA hackers are instructed to remove the binaries from the server. But according to Snowden, sometimes people get lazy. This leads to the tools being stolen and fingerprinted by our rivals instead — the most likely scenario in the Equation Group hack.
Snowden believes the hack is likely of Russian origin and intended to be a warning that “someone can prove US responsibility for any attacks that originated from this malware server.”
9) This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server.
— Edward Snowden (@Snowden) August 16, 2016
Simply put, the hackers that leaked the data on this server also provided unique fingerprints to state-sponsored hacking tools. These same tools may have been used to hack rival governments, like Russia, North Korea, Iran or, to a lesser extent, China. In a worst-case scenario, they could have been used to hack our allies. If proven, this confirmation could have disastrous consequences for foreign policy.
Snowden warns that this situation could “get messy” very fast.