Answer: When they work for the CIA.
Well this is more than a little awkward. Wikileaks has released the contents of their “Vault 7” Apparently the CIA likes to steal other peoples’ malware and keep it file. This allows them to hack a device or network and then leave a false trail pointing towards another party as the culprit.
Another program described in the documents, named Umbrage, is a voluminous library of cyberattack techniques that the C.I.A. has collected from malware produced by other countries, including Russia. According to the WikiLeaks release, the large number of techniques allows the C.I.A. to mask the origin of some of its cyberattacks and confuse forensic investigators.
In short, just because a cyber attack has all the hallmarks of having originated with the Russians doesn’t mean it did. It could have been the CIA. Actually, it could have been anybody, because if the CIA has access to these exploits, it probable that others do as well.
UPDATE: Having thought on this matter for a moment, it’s more than likely that Wikileaks has access to all the exploits that the CIA allegedly has. They now must be considered a suspect in the hacks of the DNC’s and John Podesta’s email accounts.