Edward Snowden, known for the NSA leaks, took to Twitter today to discuss details of yesterday's hack of the 'Equation Group.' The Equation Group, which is said to be an offshoot of the NSA, has seen its defenses breached by a group calling itself 'The Shadow Brokers.' The data has started to find its way online, and we should have news soon.
The leaked data is reported to come from a cache of hacking tools, known as binaries.
According to Snowden, the tools were stored on an NSA test server as part of ongoing work to target and detect adversary malware servers. This practice is known as Counter Computer Network Exploitation, or CCNE, a process that allows NSA hackers to steal tools used by foreign hackers (or domestic competitors) in order to discover their digital traces (fingerprints).
From the fingerprints, it is possible to determine whether the tools were used in other attacks, and also the exact location of the hacker.
After each hack, NSA hackers have instructions to delete the executables from the server. However, according to Snowden, people are sometimes lazy. As a result, the stolen tools and the fingerprints they hold can guide opponents to identify the hackers and connect them directly with the NSA.
Snowden believes the hack may be of Russian origin and is a warning that "one can prove that the US is behind any attacks coming from this server."
9) This leak is likely to be a warning that someone can prove US responsibility for any attacks that originated from this malware server.
- Edward Snowden (@Snowden) August 16
Simply put, these leaked tools themselves may have been used to hack rival governments such as Russia, North Korea, Iran or China. In the worst-case scenario, they could have been used to hack allied systems. If that turns out to be the case, it could have devastating consequences for US foreign policy.
Snowden warns that this situation could "get dirty" very quickly.