Early Saturday morning, a group of hackers calling themselves The Shadow Brokers made a shocking claim: they had hacked an NSA-linked group, and were selling the spy agency's "cyber weapons" to the highest bidder.
"This message, our auction, poses to their wealth and control," the hackers wrote. "If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle?"
But despite this bizarre, disjointed statement, security experts see other motives behind the dump of several hacking tools believed to belong to the NSA: whoever is behind it wanted to send a warning message.
"This entire thing is a huge middle finger at America"
"This entire thing is a huge middle finger at America, at least that's how some people would interpret it," Thomas Rid, a professor in the Department of War Studies at King's College London, told Motherboard.
Rid said that The Shadow Brokers' actions need to be seen in light of all the recent leaks by Guccifer 2.0, a self-defined hacktivist who's more likely a front for Russian spies, as well as another Russian-linked leaking site, DCLeaks. All these leaks started after the Democratic National Committee and CrowdStrike, a US security firm, publicly accused Russia of hacking into the DNC servers.
Edward Snowden, the former NSA contractor who's now stuck in Russia, made a similar point on Twitter, noting that the leak from The Shadow Brokers is probably a "warning."
After the hack on the DNC, the US government, through anonymous officials quoted in national newspapers, blamed Russia for the hack and the subsequent leaks. So the leak of alleged NSA tools, according to Snowden, is a way for Russia to say that if the US can unmask and expose Russian hacking operations, Russia can do the same to the US. The hacked NSA server where the hacking tools were found is proof of that. (It's worth noting that, unlike in the case of Guccifer 2.0, where there were some technical breadcrumbs pointing to Russia, in this case there's only very circumstantial evidence that The Shadow Brokers are Russian.)
And while Snowden was never part of the NSA's elite hacking team, Tailored Access Operations, which is believed to be the unit that security firms refer to as "Equation Group," his theory makes sense. If we assume Russia is behind this new leak, as some people close to the intelligence community do, just as it likely is behind all the Guccifer 2.0 leaks, dumping alleged NSA tools online would be a great way to tell the US government: be careful when pointing the finger at us, we can do the same.
This, according to Rid, is a "huge provocation" that risks escalating the conflict even more, and likely will prompt a response—although one we might never see or know about.
This is a big deal not necessarily because some NSA hacking tools have been stolen, but because they've been dumped online for anyone to see. Stealing your enemies' tools and techniques is pure espionage. That the perpetrators of the heist publicized it is the "far scarier" scenario because it goes beyond mere espionage, as Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, put it.
"Whoever stole this data now wants the world to know—and that has much graver implications," Weaver wrote in an analysis of the leak. "The list of suspects is short: Russia or China. And in the context of the recent conflict between the US and Russia over election interference, safe money is on the former."
In other words, it seems like a Cold War-era enemy is playing a very old game, but this time is playing it in public rather than in the shadows. The consequences of this game are still unknown, and as the public, we might never see them.
A lot of questions remain unanswered. And while we, as onlookers, can't know for sure whether Russia is behind this leak, nor whether these are really the NSA's cyber weapons, the NSA does, and has gotten the message. That's probably all the hackers wanted.