Nearly a dozen tweets sent by the U.S. National Security Agency’s public Twitter account, @NSAGov, contained secret messages meant for a Russian attempting to sell stolen cyberweapons, according to new reports.
The U.S. intelligence community has spent months secretly attempting to retrieve its leaked hacking tools, and the NSA has repeatedly used its Twitter account to cryptically communicate with a Russian man who said he wanted to sell them, The Intercept and The New York Times separately reported Friday.
The encoded messages appeared in nearly a dozen seemingly mundane tweets sent by the NSA throughout 2017 and secretly meant for the Russian seller, The Intercept first reported.
“Samuel Morse patented the telegraph 177 years ago. Did you know you can still send telegrams? Faster than post & pay only if it’s delivered,” reads one of the tweets cited by The Intercept sent June 20.
“Can you help Kandice the Kangaroo save her baby Jory in this month’s #PuzzlePeriodical?” reads another dated Oct. 17.
The cryptic tweets started after the unnamed Russian man met with an American intermediary and a U.S. official in Berlin last spring amid efforts spurred by the Shadow Brokers, a hacking group that began leaking stolen NSA cyberweapons in August 2016. The Russian agreed to provide the entirety of the Shadow Broker’s stolen tools in exchange for money, and the U.S. government decided on “certain messaging techniques” that would be used to let the Russian know the deal was authorized by Uncle Sam, according to The Intercept.
Specifically U.S. officials would give the Russian advance notice of precisely what the NSA would tweet at an exact data and time, The Intercept reported.
“The NSA used that messaging technique repeatedly over the following months, each time officials wanted to communicate with the Russians or reassure them that the U.S. was still supporting the channel. Each time, the Russians were told the text of the tweets in advance and the exact time they would be released. Each tweet looked completely benign but was in fact a message to the Russians,” the report said.
The U.S. agreed to pay for a sample of the stolen data, but the arrangement turned sour when officials learned they spent $100,000 on hacking tools that were already made public by the Shadow Brokers in one of its earlier leaks, and ultimately the deal deteriorated in December, The Times reported.
“The people swindled here were James Risen and Matt Rosenberg,” the CIA said in a statement Saturday, naming the authors of The Times and Intercept reports, respectively. “The fictional story that CIA was bilked out of $100,000 is patently false,” the agency said, CBS first reported.
CIA “is denying something we did not write - the @nytimes story does not specify CIA as source of funds, which we write came ‘through an indirect channel,’” Mr. Rosenberg responded Saturday.
Hacking tools previously leaked by the Shadow Brokers included Microsoft Windows exploits subsequently weaponized to wage last year’s unprecedented WannaCry cyberattack that infected computer systems in more than 150 countries.