KELLY MCEVERS, HOST:
When it came out last month that the world's most elite hackers might themselves have been hacked, many people looked at Russia. NPR's Mary Louise Kelly reports that what really happened might be much more complicated.
MARY LOUISE KELLY, BYLINE: Russia has been taking the blame for hacking everyone from the Democratic National Committee to Colin Powell to, yes, the National Security Agency. But asked point blank did Russia hack the NSA, former agency number two Chris Inglis says he doubts it.
CHRIS INGLIS: I'd be very surprised if Russia had successfully hacked the NSA. Do they try? Oh, I'll bet they do. But have they succeeded? I don't think so.
KELLY: Pressed on why he thinks this, Inglis picks his words carefully, saying he doubts Russia is capable of breaching NSA systems in the way we typically think of that happening.
INGLIS: That they cracked a firewall somewhere and they curried into the internals of NSA.
KELLY: You will notice this careful choice of words leaves open the possibility that Russia got in some other way, say with the help - unwitting or not - of an NSA employee. Chris Inglis was the agency's deputy director at the time Edward Snowden copied top-secret files and disclosed them to the world. The prospect of another inside job is not lost on Inglis.
INGLIS: In 2016, three years after Edward Snowden, most would hope, hey, I thought you solved that problem. Turns out the problem's not static and stable, right? You can't solve it once and for all.
KELLY: Current NSA officials did not respond to our request for comment. But last month, Admiral Mike Rogers, head of U.S. Cyber Command and director of the National Security Agency, gave an interview to NPR. We asked, could there be another Snowden?
(SOUNDBITE OF ARCHIVED BROADCAST)
MIKE ROGERS: Listen, wherever you have a human dimension, you have the potential for that kind of challenge. What I want to make sure is it doesn't happen on that scale and it doesn't happen with any kind of duration.
KELLY: OK, we should make clear - that interview taped before news of the apparent hack broke. It's not clear whether Rogers and others at NSA already knew about the breach or whether they learned about it when the rest of the world did. Nor is it clear if an NSA employee was involved, whether this was a rogue operator intentionally revealing classified code or a mistake.
NICK WEAVER: The hypothesis I've seen which makes the most sense is that an NSA operator screwed up.
KELLY: Nick Weaver - he's a security researcher at the International Computer Science Institute in Berkeley. Under this scenario, Weaver explains, an NSA staffer or contractor uploaded the toolkit they needed for an operation and then, quote, "somebody came along and stole it." As for who came along and stole it...
WEAVER: Could be Russia, could be China. The smart money is on Russia.
KELLY: Which brings us full circle. Of the various explanations that have been floated, cybersecurity experts say Russia may have made the files public, but Russia likely got them from an NSA insider. The leaked files date from 2013. Since then, the NSA has tightened internal security.
The Pentagon's inspector general just wrapped up a review of whether the agency has done enough. The report is classified. All you can see online is the title, which begins, NSA should take additional steps. Mary Louise Kelly, NPR News, Washington.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.