Consensus at week's end is that NSA was indeed compromised. Cisco and Fortinet are already patching zero-days included in the code released by the Shadow Brokers, and Juniper Networks is investigating apparently exploitable flaws in its own software. Fugitive leaker Edward Snowden is among many who believe Russian intelligence services are behind the compromise—Immunity's CTO David Aitel, for one, told Passcode he thinks the Shadow Brokers' release is a cyberdeterrent move aimed at dissuading US retaliation for Russian hacks of US political organizations.
What does not, however, point to Russian involvement is the bizarrely fractured English the Shadow Brokers use in their auction communiqués. No observers have found any plausible non-native English syntax that matches the Brokers' prose. Rather, it reads like something thrown together by a screenwriter.
Other speculation continues to center on the possibility that disgruntled or compromised insiders were responsible for the leak. Those adhering to this theory point to aspects of the leaked files they think would be inaccessible to anyone lacking physical access to NSA facilities.
Malicious insiders have been problematic elsewhere. Studies show companies are uneasy about their ability to detect and manage insider threats, and the arrest of a Sage employee at Heathrow Airport on charges of stealing customer data gives point to such concerns.
Brian Krebs reports that unwanted emails are flooding the inboxes of users with dot-gov addresses. Some are saying the emails, mostly newsletters, amount to a denial-of-service operation. The problem is beginning to manifest itself outside the dot-gov domain.