The last time an NSA insider claimed that a rogue agent originating at the spy agency itself may be the source of the recent Democratic server (and George Soros) hacks and subsequent leaks, was three weeks ago when former NSA employee, William Binney said that "NSA Has All Of Hillary's Deleted Emails, It May Be The Leak."
William Binney, NSA whistleblower
Now, in the aftermath of the latest major hack, one involving none other than the NSA's special operations team, the "Equation Group" by a mysterious hacker collective calling itself "The Shadow Brokers" which even the likes of Edward Snowden hinted may have been done by Russia, speculation has returned that this latest, and most troubling hack yet, was also an inside job.
In an interview with Motherboard, titled "Former NSA Staffers: Rogue Insider Could Be Behind NSA Data Dump" an anonymous insider has said that the chances of a hacker remotely breaking into the National Security Agency’s systems are very unlikely. Despite accusations that the leak is Russia’s meddling, the data dropped online under the name “the Shadow Brokers” would have required someone with the ability to access the NSA’s server, the former NSA employee told the news outlet.
As Motherboard puts it, an insider could have stolen the NSA hacking tools from the NSA, in a similar fashion to how former NSA contractor Edward Snowden stole an untold number of the spy agency’s top secret documents. This theory is being pushed by someone who claims to be, himself, a former NSA insider.
“My colleagues and I are fairly certain that this was no hack, or group for that matter,” the former NSA employee told Motherboard. “This ‘Shadow Brokers’ character is one guy, an insider employee.”
The source raised points that suggest the hack was actually a leak, such as the “naming convention of the file directories, as well as some of the scripts in the dump,” as they “are only accessible internally.” To validate his credentials, the insider provided a military award as proof of his past employment, and multiple former intelligence sources who reviewed the award for Motherboard said it looks legitimate. That award describes the source’s role as a “Cyber Intrusion Analyst,” and although he was not a member of TAO himself, he said he was able to work with TAO operators and access and analyze the data retrieved.
The source, who asked to remain anonymous, said that it’d be much easier for an insider to obtain the data that The Shadow Brokers put online rather than someone else, even Russia, remotely stealing it. He argued that “naming convention of the file directories, as well as some of the scripts in the dump are only accessible internally,” and that “there is no reason” for those files to be on a server someone could hack. He claimed that these sorts of files are on a physically separated network that doesn’t touch the internet; an air-gap, which if confirmed would make any theory of an outside hack virtually impossible.
However, Matt Suiche, the CEO of a Dubai-based cybersecurity company, wrote that the problem with this theory is that the NSA exposed the hacking tools on a server. “Making a mistake is not impossible,” for the Tailored Access Operation (TAO) – the NSA’s hacking team, Suiche noted.
While this is only a theory, the insider explained that they shared it to put international hacking theories in perspective. “We are 99.9 percent sure that Russia has nothing to do with this and even though all this speculation is more sensational in the media, the insider theory should not be dismissed,” the source said, adding, 'We think it is the most plausible.'”
This has been the summer of blaming Russia for hacks, but the source - like this website - told Motherboard that he needed to share the alternative theory because of the risks of increasing international tensions. He added that while he was “a little nervous about this whole thing,” he was coming forward precisely to warn people against accusing Russia.
“Now seeing what's being paraded in the media like the wildly speculative attribution to Russia, I feel a personal responsibility to propose the more plausible theory on behalf of me and the rest of the guys like me,” he said. “I think it's dangerous to point fingers when they shouldn't be. That could have real implications that affect real people.”
If this were the work of an insider, it would not be the first time an NSA contractor turned on the agency – remember Edward Snowden?
Another former NSA source said that “it’s plausible” that the leakers are actually a disgruntled insider, claiming that it’s easier to walk out of the NSA with a USB drive or a CD than hack its servers. Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, agreed that it’s a viable theory.
“It’s Snowden junior,” Adams told Motherboard. “Except he doesn’t want to end up in virtual prison in Russia. He’s smart enough to rip off shit, but also smart enough to be unidentifiable.”
It’s important to note that there’s no evidence pointing the finger at an insider, just like there’s no evidence pointing toward Russia. It’s all speculation, but these two theories, at this point, seem the most plausible.
If indeed a "snowden Junior" has emerged, it will be fascinating to watch if he also morphs into a "Wikileaks Junior", revealing documents which the DOJ or FBI won't touch, esepcially those linked to Hillary's personal email server. Because if anyone has all the files, it would be the NSA.