Above Photo: From money.cnn.com
Now that it appears powerful NSA cyberweapons have been leaked to the public, a former spy warns the United States might get caught red-handed.
Over the weekend, a mysterious group called “The Shadow Brokers” leaked what appear to be hacking tools that the U.S. National Security Agency uses to spy on people.
This bundle of computer code is about three years old. But it’s still dangerous, since it puts a high-tech military arsenal online within reach of all kinds of criminals. They can use these tools to rob banks, steal government secrets or expose personal lives.
And on Tuesday morning, in a series of tweets, ex-NSA whistleblower Edward Snowden pointed out yet another potential repercussion from the leak.
If these digital weapons are found on a computer, that’s evidence of an attack — similar to finding fragments of a blown-up missile.
Computer security researchers around the world are now reviewing computer networks for these tools. And wherever they find this leaked code, they’ll know the NSA was spying.
The United States currently claims the moral high ground and censures China, Iran, North Korea and Russia for hacking Americans. But it could soon be caught doing the same to others.
Here’s an easy-to-understand explanation of Snowden’s technical commentary on Twitter this morning, in which he describes how modern-day computer spying works.
Modern day spying 101
Ever wonder how the U.S. government can accuse China of hacking the United States?
To launch an attack, an enemy government wouldn’t hit American targets directly. That’s too easy to trace back. Instead, foreign hackers find a dummy spot to launch their attack.
For example, Chinese hackers might slip into a computer server at a company in Peru. Then they’ll use that server as a launchpad, sending commands from that computer to break into a U.S. target.
It’s like China launching a missile at the United States from Peru.
The job of NSA hackers is to sneak into those enemy launchpad computer servers and scrape off computer code evidence of a breach. Next time that same code is used in an attack, the NSA can trace it back to the bad guys.
4) Here’s where it gets interesting: the NSA is not made of magic. Our rivals do the same thing to us — and occasionally succeed.
— Edward Snowden (@Snowden) August 16, 2016
But the NSA’s job is also to spy on foreign governments, so it too launches hacking missions from unsuspecting servers. And foreign governments try to collect evidence of NSA tools to identify the NSA in the future.
5) Knowing this, NSA’s hackers (TAO) are told not to leave their hack tools (“binaries”) on the server after an op. But people get lazy.
— Edward Snowden (@Snowden) August 16, 2016
The NSA’s elite hacking team, called Tailored Access Operations, is instructed to always wipe evidence of its presence after a mission. It’s like a Navy SEAL team picking up its spent ammunition shells. But sometimes evidence gets left behind.
6) What’s new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is.
— Edward Snowden (@Snowden) August 16, 2016
Typically, enemy governments keep the evidence they find of an NSA hack a secret. What’s new this time around is that someone is actually calling out the United States in a way that will help other countries detect American spy activity.
7) Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack.
— Edward Snowden (@Snowden) August 16, 2016
Here, Snowden is referring to recent veiled accusations by the United States that Russia hacked the Democratic National Committee. The U.S. government hasn’t formally pointed the finger, but officials are hinting to reporters that Russia is messing with American politics.
Snowden thinks this NSA tool leak could be a message to the United States: You toy with foreign politics too — don’t be hypocritical.
9) This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server.
— Edward Snowden (@Snowden) August 16, 2016
13) TL;DR: This leak looks like somebody sending a message that an escalation in the attribution game could get messy fast.
— Edward Snowden (@Snowden) August 16, 2016
Snowden ended his screed by pointing out an interesting tidbit. Even though these NSA tools have just been leaked, it appears that they were stolen back in 2013 — a short time after Snowden blew the whistle on NSA spying on Americans. At that point, the NSA went into lockdown mode and ramped up security.
So, ironically, the NSA’s response to Snowden’s alleged treachery might have actually prevented enemy hackers from continuing to steal NSA tools.
You’re welcome, @NSAGov. Lots of love.
— Edward Snowden (@Snowden) August 16, 2016