This just isn't something that can be faked in this way. (Good proof would be for The Intercept to run the code names in the new leak against their database, and confirm that some of the previously unpublished ones are legitimate.)
This is definitely not Snowden stuff. This isn't the sort of data he took, and the release mechanism is not one that any of the reporters with access to the material would use. This is someone else, probably an outsider...probably a government.
Okay, so let's think about the game theory here. Some group stole all of this data in 2013 and kept it secret for three years. Now they want the world to know it was stolen. Which governments might behave this way? The obvious list is short: China and Russia. Were I betting, I would bet Russia, and that it's a signal to the Obama Administration: "Before you even think of sanctioning us for the DNC hack, know where we've been and what we can do to you."
They claim to be auctioning off the rest of the data to the highest bidder. I think that's PR nonsense. More likely, that second file is random nonsense, and this is all we're going to get. It's a lot, though. Yesterday was a very bad day for the NSA.I haven't looked at the stuff and have no intent to do so. However, people whose opinion I respect are. I find the file timestamps to be very interesting, and in fact is evidence that Snowden was not working for the Russians (but rather was a whistleblower, as he claims). It looks like the Russians had a mole in NSA while Snowden was there, and their mole had to scramble to gather up what data he had after Snowden went public and NSA security got dialed up to 11.
ObDisclaimer: I worked at NSA for a few years starting in the mid 1980s, doing (defensive, not offensive) computer security.