The NSA’s special operations team, an organization called the “Equation Group,” has just become the victim of a cyberattack by a potentially Russian-based hacking group called “The Shadow Brokers”. According to some former employees of the US National Security Agency, this troubling interception may be an inside job, similar to that which was carried out by exiled American whistleblower Edward Snowden.
“My colleagues and I are fairly certain that this was no hack, or group for that matter,” said one former NSA employee. “This ‘Shadow Brokers’ character is one guy, an insider employee.”
The source of this opinion, who chose to remain anonymous, said it would way easier for an employee to obtain the data that the Shadow Brokers put online than it would be for any elite hacker, Russian-based or not. He went on to argue that “naming convention of the file directories, as well as some of th scripts in the dump are only accessible internally” and that “there is no reason” for those files to exist on a hackable server. According to the former employee, the files that were exposed were kept on a physically separated network that had no connection to the internet.
In response to this theory, Matt Suiche, CEO of Dubai-based cybersecurity company Comae, posited another: perhaps a member of NSA’s elite hacking team, Tailored Access Operation or TAO, made a major mistake by leaving the hacking tools on a server that was connected to the internet.
That said, the former NSA employee is sticking to his guns:
“We are 99.9 percent sure that Russia has nothing to with this and even though all this speculation is more sensational in the media, the insider theory should not be dismissed… We think it is the most plausible.”
“Now seeing that’s being paraded in the media like the wildly speculative attribution to Russia, I feel a personal responsibility to propose the more plausible theory on behalf of the rest of the guys like me,” the source explained, stating that he was getting “a little nervous” about the fact that major politicians were already accusing Russia of taking part in the hacks based on little to no evidence. “I think it’s dangerous to point fingers when they shouldn’t be. That could have real implications that affect real people.”
The source, who provided a military award as proof of his employment in which his role was described as “Cyber Intrusion Analyst.” The source went on to say that while he was not a member of TAO, he did work with TAO operators and analyze the data that TAO operators received.
Another NSA source who was contacted independently and also wishes to remain anonymous said that the insider theory is definitely “plausible” as it was much easier to walk out of the NSA with a USB drive or a CD than it was to hack its servers.
Michael Adams, an information security expert who worked for US Special Operations Command for over 20 years, also confirmed the viability of the theory.
“It’s Snowden Junior,” he explained. “Except he doesn’t want to end up in virtual prison in Russia. He’s smart enough to rip off shit, but also smart enough to be unidentifiable.”
It’s worth noting that there is as much information attributing responsibility to an insider as there is to Russia; in other words, there’s no evidence whatsoever.