Skip to comments.NSA Paid a Huge Security Firm $10 Million to Keep Encryption Weak
Posted on 12/20/2013 4:16:47 PM PST by James C. Bennett
Reuters reports that the NSA paid massive computer security firm RSA $10 million to promote a flawed encryption system so that the surveillance organization could wiggle its way around security. In other words, the NSA bribed the firm to leave the back door to computers all over the world open.
Thanks to documents leaked by Edward Snowden, we already knew the NSA played a central role in promoting a flawed formula for generating random numbers, which if used in encryption, essentially gives the spies easy access to computing systems. A piece of RSA software, bSafe, became the most significant vector for the security flaw. The encryption tools which hundreds of millions of people rely on to protect the private information are significantly weaker as a result.
The sickening revelation is that the NSA paid RSA to make sure that the formula got into the software just the way they wanted it to. Both the NSA and RSA haven't directly acknowledged the deal, but Reuters claims to have thoroughly vetted it with sources inside the security company.
The report is just the latest which shows thatin an effort to collect as much information as possiblethe NSA has been systematically undermining security infrastructure for decades. While some of Reuters' sources appear to think that RSA was duped by the government, it seems pretty clear now that the company knew what it was doing when it entered into a secret contact with the NSA. Disgusting.
What’s disgusting is that everyone believes that NSA is the only Agency low enough to do such a thing. I’ll bet my life that England, China, Russia and Germany Intels were all doing the same tricks.
It will cost RSA a lot more than 10mil to recover from this.
Wasn’t RSA hacked or compromised earlier this year?
The idea that an intelligence agency has been subverting security applications should not be a shock to anyone. What bothers me is my perception that safeguards and processes to protect Joe Citizen within the Intelligence Community are being ignored or subverted.
It is an incredible dilemna. As a patriot, I want the NSA to be able to crack into any system. But I also worry about abuse. Who watches the Watchers?
RSA is now open to a huge class action lawsuit. They have promoted their product as the gold standard of security. They intentionally lied to the public about the security of their product. And worse, they were paid to insert a security flaw.
Hopefully this causes RSA to go bankrupt. They took 30 pieces of silver to sell their souls.
I'm a citizen and don't want them breaking into any of MY systems. They have no business in there.
Your brand of “patriotism” would be well received in Cuba or Venezuela.
Old news made new again.
RSA always sucked.
TEA and Duck for Christmas?
Richard Nixon - “I’m not a crook” - YouTube
AMEN! barry and the pirates.. ship...has been leaking for months..
the leak is now beyond repair..
their backs ...and been lashed....
How is that disgusting?
I'm glad I'm not your kind of patriot. I don't want them ever to be able to break into my secure communications. I don't trust them (the NSA) any further than I trust any country's security apparatus.
Has anyone come forward yet to show how much they paid u-soft to install a backdoor in every version of ‘doze? The one where some Unknown Coder listed the call as “NSAbackdoor” or something?
Time to short RSA.
So now who does anybody trust when it comes to operating system security? How do we protect ourselves? Does the NSA have backdoors to every firewall, every malware protection software and every encryption scheme?
To your question... I would have to say YES THEY DO
Resign yourselves to the certainty that the Feds can and will record, store, read, listen to, look at, disseminate, corrupt and act on any electronic communication you have engaged in, regardless of any security fig leaf you may think you have in place. That includes stuff from decades ago.
Engage the Suck, ‘cause it ain’t going away.
Quite a change from the day NSA told people not to use a certain key range with a popular encryption system, without saying why. 3 decades later we learned it was a very good suggestion.
C’mon, Eddie. We know all this NSA stuff. Let’s hear what you know about our phony “president.”
Government is the greediest, most corrupt and murderous force on Earth.
And the US feral government is among the greediest and most corrupt. The murder will follow shortly.
PLEASE NOTE FOR FUTURE REFERENCE”
Nixon “probably knew” about an operation which burgled a DNC office in order to get more information about a DNC call girl ring.
That is what it was all about.
PLEASE DO NOT COMPARE Nixon to Obama.
I would suggest that anyone who bought the RSA security products immediately sue to obtain a couple of those millions of bribe money.
Obama is the president that the founding fathers warned us about.
“As a patriot, I want the NSA to be able to crack into any system. “
Patriots support their government when it is correct and their country all the time.
In this case, NSA - at the direction of the governmnet - is subverting Constitutional Rights without cause.
I do not support their massive espionage against Americans. It is exactly like the STASI on steroids.
You are probably right.
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.Benjamin Franklin, Historical Review of Pennsylvania, 1759
By definition, if you create a security system with a "back door" that security system is not secure. If the NSA can open the back door, so can other hackers. RSA has created a Potemkin Village security system.
Nixon was an amateur compared to Obama
The real danger is the NSA isn’t keeping the information to themselves. They are giving the information to the DEA, ATF, DHS, FBI, state and local law enforcement agencies.
Those agencies are lying to defense attorneys and judges about where their leads are coming from.
The NSA always looking for the backdoor either by hook or crook.
And keep in mind; where you have an omni-potent, omni-funded, omni-secret government operation you have wormholes in systems that probably shouldn't have holes. Al-la Doctor Strangelove. How do you recall a B-52, a nuke sub, a commando unit? This thinking is you build in code that can be hacked and you pay for it.
Let's hope we have the resources when it's time to pay the piper.
It is simply wrong to trust these people. Government on steroids is going to be the death of us.
OpenBSD, OpenSSH, OpenVPN, OpenSMPTD, Gnu PG, etc.
Impeachment File for the 2014 Impeachment of B. Hussein Obama, aka Barry Soetoro, a documented legal citizen of the Sovereign Nation of Indonesia.
Documentation File for the 2014 Impeachment of John Boehner for Dereliction of Congressional Duty by Speaker Boehner for failure to appoint a Special NSA Investigator.
As a patriot, I want the government weak enough that the citizens can replace it by force if necessary.
Our government is the kind of government our founders went to war to get rid of.
I think RSA just died as a company. Who will ever trust them again? My company uses them, nearly dropped them after they were hacked not long ago and we all had to get new fobs. I’ll bet we are off RSA within a few weeks.
PGP FREE: I would think the Windows XP version runs fine on 7 & 8 as well http://www.pgpi.org/products/pgp/versions/freeware/
PGP COMMERCIAL: http://www.symantec.com/encryption
I think it *does* have all the functionality most people need, but the free version is not quite as user friendly as most people are used to. I never tried the commercial one.
I don’t know why people that need encryption don’t use it more. For me, I don’t really need it and figure its use would raise all kinds of red flags, so that’s the trade-off.
The free version for sure, if obtained from a reliable source and verified does not have any backdoors.
Thank you for the answer and the additional comments about PGP. Haven't seen it mentioned in such a long time I wondered if it had been neutralized by the advances of time and technology.
It occurred to me also that using it would act like a red flag. OTOH if I used it for all communications that's all they would have to be suspicious of.
RSA and EMC have opened themselves up to a huge lawsuit. Especially since they touted that their security was well designed. It could not be if it had a flaw in it that RSA purposefully encoded in it.
I have heard there are former American citizens who renounced their citizenship so that they could legally write such encryption software.
Nut-job Conspiracy Theory Ping!
To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...