Looking inward Andrew Kelly/Reuters

WE ARE getting closer to unmasking the Shadow Brokers. Last week, the group put hacking tools from the National Security Agency up for auction, including security flaws in companies’ systems and remote access tools. There have been no serious bidders, but the documents have been confirmed as the real deal, raising the spectre of another whistleblower at the agency.

Initially, the prime suspect was Russia, but this theory has now been downgraded. Certain naming conventions in the files point to scripts only accessible on a machine physically isolated from the network and therefore inaccessible to anyone not physically present in the NSA building. The idea that it was an accidental upload has also been debunked, shifting the focus internally.

However, it couldn’t have been Edward Snowden, pictured, as it looks like the tools were stolen around October 2013, five months after he fled to Hong Kong.


On Monday, Shlomo Argamon at the Illinois Institute of Technology, analysed the broken English Shadow Brokers used to sell the tools, examining, for example, patterns of grammatical errors. He concluded that the author was a native English speaker trying to appear non-native. A bogus accent, in other words, but a pretty good attempt to cover it up.

All of that would point to an NSA insider motivated to leak documents, but also to cover their own tracks to avoid a fate similar to Snowden’s.

This article appeared in print under the headline “A second Snowden?”