Former NSA Staffers: Rogue Insider Could Be Behind NSA Data Dump
UPDATE: One clue: the poor use of English in the messages seems to be faked. /update
That the NSA data dump could have come from a disgruntled employee seems not at all unlikely, given Edward Snowden. Lorenzo Franceschi-Bicchierai and Joseph Cox report in Motherboard:
There are a lot of unanswered questions surrounding the shocking dump of a slew of hacking tools used by an NSA-linked group earlier this week. But perhaps the biggest one is: who’s behind the leak? Who is behind the mysterious moniker “The Shadow Brokers”?
So far, there’s no clear evidence pointing in any direction, but given the timing of the leak, and the simple fact that very few would have the capabilities and the motives to hack and shame the NSA publicly, some posited The Shadow Brokers could be Russian.
But there’s another possibility. An insider could have stolen them directly from the NSA, in a similar fashion to how former NSA contractor Edward Snowden stole an untold number of the spy agency’s top secret documents. And this theory is being pushed by someone who claims to be, himself, a former NSA insider.
“My colleagues and I are fairly certain that this was no hack, or group for that matter,” the former NSA employee told Motherboard. “This ‘Shadow Brokers’ character is one guy, an insider employee.”
The source, who asked to remain anonymous, said that it’d be much easier for an insider to obtain the data that The Shadow Brokers put online rather than someone else, even Russia, remotely stealing it. He argued that “naming convention of the file directories, as well as some of the scripts in the dump are only accessible internally,” and that “there is no reason” for those files to be on a server someone could hack. He claimed that these sorts of files are on a physically separated network that doesn’t touch the internet; an air-gap. (Motherboard was not able to independently verify this claim, and it’s worth bearing in mind that an air-gap is not an insurmountable obstacle in the world of hacking).
Of course, as Matt Suiche, the CEO of Dubai-based cybersecurity company Comae, noted in a post analyzing the insider theory, a leading theory is . . .