Edward Snowden and some security experts pinned the leak on Russian hackers from the start, what with the ongoing digital war between the US and the world's largest nation. If you'll recall, Russia is being blamed for several high-profile security breaches in the US, including the most recent Guccifer 2.0 leak that contains documents from the Democratic National Convention.
The fact that Shadow Brokers dumped the tools online just like Guccifer 2.0 did supports authorities' belief that Russians are behind this incident, as well. Center for Strategic and International Studies cybersecurity expert Jim Lewis said: "The dumping is a tactic they've been developing for the last five years or so. They try it, and if we don't respond they go a little further next time."
Reuters also revealed that after the NSA found out that its tools were stolen, it deployed sensors to detect whether foreign countries with cyberattack capabilities like Russia and China had been using it. When it didn't pick up any suspicious activity, it didn't bother notifying the companies that could be affected by the exploits.
At this point in time, investigators are still looking into the possibility that the operative in question did it on purpose, and that another person might have committed a similar mistake that made the tools more vulnerable. They're also still confirming whether Shadow Brokers are directly connected to the Russian government. What they're sure of, however, is that it wasn't the work of a whistleblower like Edward Snowden and that the hackers didn't directly infiltrate NSA's headquarters.