When Edward Snowden fled his job at the National Security Agency to publicly leak details of US surveillance programs, it may have seemed unlikely that American adversaries would replicate his whistleblowing tactics.
But with confidential Democratic National Committee emails and a stockpile of what appear to be top secret NSA hacking tools surfacing online in the past month, cybersecurity experts increasingly suspect that the Kremlin has borrowed from Mr. Snowden’s playbook in a bid to manipulate public opinion.
"Putin loves to torment the US," said Tom Kellermann, chief executive at Strategic Cyber Ventures. But in this case, he said, “there’s no way [the US] can condemn Russia for distributing an arsenal of military-grade cyberweapons on the streets of cyberspace."
If the Obama administration did accuse Moscow, he said, it would not only acknowledge that its clandestine cyberoperations were compromised but that it withheld information about serious computer vulnerabilities from US corporations.
"It’s obvious that a foreign intelligence gathering operation leaked this information to humiliate the US government," said Kellermann.
The group calling itself the Shadow Brokers, which leaked the cache of likely NSA hacking tools, remains anonymous after last week’s dump. Moscow has also denied involvement in the DNC hack.
But with the US and Russia increasingly at loggerheads around the world, experts say the successive leaks bear the hallmarks of a Kremlin intelligence operation. This time, however, they say Russian spies are taking advantage of the internet's reach to undermine their American adversaries.
If the trove of DNC emails leaked on the antisecrecy site WikiLeaks last month originated in Russian hands – as experts believe – it could be one of the first known state-backed digital attacks intended to manipulate a US presidential election. The hack even led Secretary of Homeland Security Jeh Johnson to admit that his agency is considering ideas to bolster cybersecurity protections for voting ahead of the November election.
And as the US government reportedly considered economic sanctions against Moscow for the DNC hack, experts say the disclosures of purported NSA malware may shift some of the public's focus away from Russia and toward the NSA's apparent use of software vulnerabilities in widely used business products.
"This is just an effort to confuse the issue," says James Lewis, a senior fellow at the Center for Strategic and International Studies, a Washington think tank. "If they think the US is going to come out and blame [Russia’s federal security service] for the DNC hack, they’re going to want to deflect attention and remind people they should be mad at the NSA."
Though the NSA dump has not engendered Snowden-like public controversy, the leaks exposed serious vulnerabilities in consumer firewall products that left security companies such as Cisco, Juniper, and Fortinet scrambling to patch their software, fearing retaliation from rogue criminal hackers who may have obtained the exploits.
Last week, British security researcher Mustafa Al-Bassam used a software exploit contained in the leak to extract passwords from Cisco virtual private networks, and the company expressed frustration that it wasn’t notified of the vulnerability beforehand.
So whether or not the Shadow Brokers intended it, the leak seems to have reinvigorated a debate over the White House's oft-used protocol for disclosing to vendors the software vulnerabilities used by the US intelligence community. That could impact the US government’s position in domestic cybersecurity debates just months after the FBI’s controversial decision to purchase a software exploit to unlock an iPhone belonging to the San Bernardino, Calif. shooter.
"There’s this belief that the US is a wicked hegemon that seeks to control the world," says CSIS’s Mr. Lewis. "The Russians think they’re fighting against western information hegemony."
If Moscow is trying to make that case, it has more tools to do it than ever before. Russia Today (RT), a television network funded by the Kremlin, boasts a large global audience and has developed a reputation for criticism of the West. In January, however, British regulators sided with the BBC after the broadcaster complained about unfair treatment in an RT program. The program, called The Truthseeker, said the BBC staged a chemical weapons attack for a report about the Syrian war and edited an interview to misinterpret comments from a source. But Ofcom, the British regulator, said RT treated the BBC unfairly by not giving the broadcaster the opportunity to respond before the program aired.
Information also appears to figure into Moscow's foreign policy. Russia’s latest military doctrine, released in 2014, describes the use of information warfare to cause political upheaval.
"The first entree into cyberconflict isn’t physical destruction," says Matthew Devost, President of FusionX, a cybersecurity and risk management company. "If an airplane with 200 people falls out of the sky, it’s very easy to determine our response. But with the DNC hack, the impact isn’t as tangible."
Efforts to limit cybersecurity espionage made progress last year after the US and China agreed to curb digitally enabled theft of economic secrets and, in November, a United Nations committee focused on disarmament issues approved a report that applies portions of the UN charter to cyberspace. But cybersecurity experts worry those steps would do little to halt the growing wave of damaging leaks.
"No international framework or statement matters here. The only thing that matters is what the concrete reaction is here by the US government," says Thomas Rid, a professor at Kings’ College London. "We have to ask ourselves, do we want this operation to set the de facto precedent which others may then try to emulate?"
This story was updated after publication to add new information. It was also corrected to accurately characterize a dispute between the BBC and RT. The case was a regulatory matter.