Williams, it may be recalled, made a similar statement after the US Justice Department issued an indictment in July naming 12 Russians for alleged hacking offences connected to the 2016 US presidential election.
The FBI complaint named one Park Jin Hyok, a North Korean citizen, as being behind a number of digital break-ins, including one in November 2014 directed against Sony Pictures Entertainment, the theft of $81 million from Bangladesh Bank in 2016, and allegedly authoring the WannaCry ransomware which was used in attacks in May 2017.
Said Williams: "Charging individual North Korean Government hackers as individuals is a human rights issue. Assuming the intrusions have been correctly attributed to Park (not a given), unlike me, he likely had zero choice in his actions. This is not okay."
Charging individual North Korean government hackers as individuals is a human rights issue. Assuming the intrusions have been correctly attributed to Park (not a given), unlike me, he likely had zero choice in his actions. This is not okay. 1/nhttps://t.co/rg3efcfPlQ pic.twitter.com/mfa9ZPQco6— Jake Williams (@MalwareJake) September 6, 2018
Until then, Williams had not disclosed the fact that he had worked for the TAO during his NSA days.
"People living in North Korea don't get a choice when the government comes calling," Williams wrote on Twitter. "There are countless stories of atrocities where whole families are imprisoned (or worse) for defying the orders of the government. We know what would have happened if Park refused to hack Sony.
"Park's only crime is his talent. Because he was selected to be educated in Computer Science (probably based on aptitude), his trajectory was set. Now that he faces indictment, his trajectory is likely set too. Park will never be turned over to the US for trial."
Williams stands out among the ex-NSA crowd in that he is willing to go on the record without hiding his identity. There are others who make statements without allowing their names to figure in the media.
"Long before DPRK extradites him, they'll make him disappear," Williams said. "If he tries to defect, the DPRK government will imprison or kill his family. Some will say we must prosecute crime 'to send a message'. But what message is being sent? I think it's 'we don't care about his life'.
"Look at the nations where we're charging government hackers. Russia, Iran, China, and now DPRK. Notice a pattern? It's a history of human rights abuses. Do you really think that more well-mannered nations aren't hacking? If so, I've got bad news for you.
"Do you think we haven't found other nation's hackers in our networks? I bet we have. But we have other diplomatic means to handle those issues. We must stop conflating criminal action and diplomatic action. It absolutely will come back to bite us."
After Williams was outed by the Shadow Brokers, he had to cancel a number of planned trips outside the US for fear that he might be apprehended in one of these countries for being involved in operations against them. He has his own company Rendition Infosec and is in demand as a infosec trainer.
"Another thing those countries share in common is that they will never extradite their people to the US to face those charges," Williams said. "In terms of justice, these charges are entirely symbolic.
"I don't say things lightly: if you're involved in this particular set of charges, you have blood on your hands. I had a choice in my participation in government hacking operations. You have a choice to participate in these actions. Park did not. Period."