Lately Russia has been taking the blame for hacking everyone from the Democratic National Committee to former Secretary of State Colin Powell to the National Security Agency.
When it emerged last month that the world's most elite hackers might themselves have been hacked, all eyes turned to Russia. It is, after all, hard to imagine a juicier target for a hacker sitting in Moscow.
"This required advanced skills, and that narrows you down to a very short list of countries pretty fast," Thomas Rid, a cyber-security expert at King's College London, told NPR at the time. "Also, what country other has demonstrated an interest in dumping information right now?"
But as the investigation proceeds, the facts of what happened may turn out to be more complicated.
"I would be very surprised if Russia had successfully hacked the NSA," says former NSA deputy director Chris Inglis. "Do they try? Oh, I bet they do. But have they succeeded? I don't think so."
Pressed in an interview on why he thinks this, Inglis picks his words carefully. He says he doubts Russia is capable of breaching NSA systems in the way people typically think of that happening, "that they cracked a firewall somewhere and they [burrowed] into the internals of NSA."
This careful choice of words leaves open the possibility that Russia got into some other way. Say, with the help — unwitting or not — of an NSA employee.
The Shadow Of The Snowden Case
Inglis was the Agency's number two at the time when Edward Snowden copied top-secret files and disclosed them to the world. The prospect of another possible inside job is not lost on him.
"In 2016, three years after Edward Snowden, most would hope — 'Hey, I thought you solved that problem.' Turns out the problem's not static and stable, all right? You can't solve it once and for all," Inglis says.
Current NSA officials did not respond to our request for comment.
But on Aug. 1, Adm. Mike Rogers, head of US Cyber Command and director of the National Security Agency, gave an interview to NPR.
We asked him: could there be another Snowden?
"Listen, there can always — wherever you have a human dimension, you have the potential for that kind of challenge," Rogers replied. "What I want to make sure is, it doesn't happen on that scale and it doesn't happen with any kind of duration."
To be clear, the Rogers interview was taped before news of the apparent hack broke. It's not clear whether he and others at NSA already knew about the breach, or whether they learned about it a couple of weeks later, when the rest of the world did. Nor is it clear — if an NSA employee was involved — whether this was a rogue operator intentionally revealing classified code, or a mistake.
Looking For Insider Involvement
"The hypothesis I've seen which makes the most sense is that an NSA operator screwed up," says Nick Weaver, a security researcher at the International Computer Science Institute in Berkeley, Calif.
Under this scenario, an NSA staffer or contractor uploaded the toolkit they needed for an operation and then, "somebody came along and stole it," says Weaver. "Could be Russia. Could be China. The smart money is on Russia."
Which brings us full circle. Of the various explanations that have been floated for the NSA breach, cyber security experts say that while Russia may have been responsible for making the files public, Russia likely got them from an NSA insider.
This prompts questions about timing. The leaked files date from 2013 — the same year Snowden stunned the world with his disclosures — and since then the NSA has tightened internal security. The agency belongs to the Defense Department, whose Inspector General just wrapped up a review of whether those reforms go far enough.
The report, dated Aug. 29, is classified. The Inspector General's office declined to comment on its conclusions.
All you can see online is the title, which begins: "NSA Should Take Additional Steps."