The investigation into the August hack of the National Security Agency’s cybersecurity tools is looking into a theory that a former NSA employee left the information on a remote server that the Russian hackers found, according to Reuters.
NSA officials told the FBI-led investigation that an employee or contractor made the mistake about three years ago and alerted the NSA to the error shortly afterward; however, the NSA didn’t alert the companies affected by the vulnerabilities.
The investigators have not ruled out that the former employee left the tools on a remote server intentionally or that multiple employees made the same mistake and duplicated each other’s errors.
Since the hack was discovered, Cisco Systems and Fortinet, the companies that were most affected by the incident, have patched their systems to avoid further problems.
After the NSA discovered the error, it investigated the use of its hacking tools by foreign entities trying to break into U.S. systems. Since the NSA didn’t discover any suspicious activity, it didn’t warn the companies of the problem.
Officials presume that the Shadow Brokers, the group that orchestrated the hack, are affiliated with the Russian government, although they haven’t determined that conclusively. One reason investigators believed this is that the hackers released the tools instead of selling them.