After news that a cache of proprietary and powerful hacking tools had been stolen from the National Security Agency, the government suggested Russian hackers were to blame.
But intelligence expert and former NSA whistleblower James Bamford writes that the theft probably isn't the work of the Russians and was more likely carried out by an insider, similar to the famed NSA leak source Edward Snowden.
"If Russia had stolen the hacking tools, it would be senseless to publicize the theft, let alone put them up for sale," Bamford wrote for Reuters. "It would be like a safecracker stealing the combination to a bank vault and putting it on Facebook."
On the weekend of Aug. 13 and 14, a hacker group calling itself the Shadow Brokers placed the stolen tools online. They consist of what The Washington Post called "a sophisticated cyber arsenal" capable of smashing through firewalls and exploiting weaknesses in network security.
Experts and former NSA employees told The Washington Post that the hacking tools seem like the real deal.
"Faking this information would be monumentally difficult, there is just such a sheer volume of meaningful stuff," said Nicholas Weaver, a network security researcher at the University of California at Berkeley.
Filenames from the cache also match tools referenced in documents revealed by Snowden, The Washington Post reported.
"Without a doubt, they're the keys to the kingdom," another former NSA hacker told the newspaper.
Included in the cache are tools that can open backdoors to iPhones and circumvent security features of routers and networking equipment made by companies like Cisco.
The name Shadow Broker is a reference to the "Mass Effect" trilogy of video games, particularly 2010's "Mass Effect 2," which features an all-knowing Shadow Broker who keeps tabs on important information across the galaxy.
And while some claim there are Russian fingerprints on the theft, Bamford points out that the files are dated to October 2013, "five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents."
Bamford said that timestamp, combined with his own access to Snowden's files while writing a story about the exiled NSA whistleblower, has convinced him the theft was the work of a second leaker, a person who had access to the NSA's most sensitive documents.
Then there are the threats that accompanied the leak, written in broken English apparently meant to mimic the mistakes a Russian speaker would make. Bamford and others believe that's a bit of misdirection.
Regardless of who stole the hacking software, Bamford said it heralds a new era "when NSA’s cyber weapons could be stolen like loose nukes and used against us."
"It opens the door to criminal hackers, cyber anarchists and hostile foreign governments," he wrote, "that can use the tools to gain access to thousands of computers in order to steal data, plant malware and cause chaos."
It’s one more reason why the NSA may prove to be one of Washington’s greatest liabilities rather than assets.