When it comes to security, I've found it hard personally to sort through all the claims & counter claims. Sensationalism sells, or if you prefer, gets page views, & it can get people some notoriety that they might be able to turn into $ someday. OTOH you have a company like Google, that's massively invested in all things Android -- they can't be pleased when stories about whatever new Android vulnerability start making the rounds, and probably do what they can to make sure it doesn't turn into a slew of headlines.
You've also got lots of people that feel they'll gain personally by talking about something they really don't know or understand, and people [especially politicians & law enforcement] that favor scare tactics to get what they want. And it doesn't help that so many people nowadays don't separate entertainment & news as 2 separate things -- they see something implausible or outright impossible on some TV show, and because of that may become part of a willing audience for anyone putting out misinformation. The bigger the audience, often the faster the number of supporters grows.
The flip side of that coin is you've got security software companies that might be gagged by their gov on some stuff, and/or encouraged to report, & possibly spin other things they've allegedly found. You got researchers looking to make a buck, either by gaining press to impress would-be clients or employers, or even recently with stock market manipulation.
With the NSA stuff...
After the Shadow Brokers 1st appeared, trying to sell a bunch of stuff allegedly from the NSA, the investigation & arrest of a former NSA contract worker was widely reported by the media. They reported that all sorts of classified materials were found in his vehicle, shed, and home if I remember correctly, though they never could tie him directly into any attempted sales, or to giving the material to anyone else. Then the stories went quiet -- maybe they were old news, or maybe they were compelled to shut up?
There were quite a few articles that appeared saying that whatever security researcher(s) went through the material the Shadow Brokers released to prove the credibility of their claim that they had all this classified material, and they said it looked legit. I didn't see anything that said it wasn't NSA, though that just means that *I* didn't see it. But based on that guy being arrested, I've always leaned towards the stuff being from the NSA, but that's purely FWIW. It's the nature of gov intelligence that if the NSA said it was theirs I'm not sure I'd consider that proof. ;)
