Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

NSA Paid a Huge Security Firm $10 Million to Keep Encryption Weak
Gizmodo ^ | 20 dec 2013 | Gizmodo

Posted on 12/20/2013 4:16:47 PM PST by James C. Bennett

Reuters reports that the NSA paid massive computer security firm RSA $10 million to promote a flawed encryption system so that the surveillance organization could wiggle its way around security. In other words, the NSA bribed the firm to leave the back door to computers all over the world open.

Thanks to documents leaked by Edward Snowden, we already knew the NSA played a central role in promoting a flawed formula for generating random numbers, which if used in encryption, essentially gives the spies easy access to computing systems. A piece of RSA software, bSafe, became the most significant vector for the security flaw. The encryption tools which hundreds of millions of people rely on to protect the private information are significantly weaker as a result.

The sickening revelation is that the NSA paid RSA to make sure that the formula got into the software just the way they wanted it to. Both the NSA and RSA haven't directly acknowledged the deal, but Reuters claims to have thoroughly vetted it with sources inside the security company.

The report is just the latest which shows that—in an effort to collect as much information as possible—the NSA has been systematically undermining security infrastructure for decades. While some of Reuters' sources appear to think that RSA was duped by the government, it seems pretty clear now that the company knew what it was doing when it entered into a secret contact with the NSA. Disgusting.


TOPICS: Business/Economy; Foreign Affairs; Front Page News; Government; News/Current Events
KEYWORDS: 10million; abortion; bigbrother; bsafe; computersecurity; deathpanels; edwardsnowden; encryption; fbi; firm; huge; keep; million; nsa; obamacare; paid; rsa; security; spy; surveillance; weak; zerocare
Navigation: use the links below to view more comments.
first 1-5051-100 next last

1 posted on 12/20/2013 4:16:48 PM PST by James C. Bennett
[ Post Reply | Private Reply | View Replies]

To: James C. Bennett
Obama: I Have Confidence That The NSA Is Not Spying On Americans Or Snooping Around
2 posted on 12/20/2013 4:23:25 PM PST by lowbridge
[ Post Reply | Private Reply | To 1 | View Replies]

To: James C. Bennett

What’s disgusting is that everyone believes that NSA is the only Agency low enough to do such a thing. I’ll bet my life that England, China, Russia and Germany Intels were all doing the same tricks.


3 posted on 12/20/2013 4:32:03 PM PST by B4Ranch (Name your illness, do a Google & YouTube search with "hydrogen peroxide". Do it and be surprised.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: James C. Bennett

It will cost RSA a lot more than 10mil to recover from this.


4 posted on 12/20/2013 4:34:59 PM PST by Bobalu (White Boy Think A Lot)
[ Post Reply | Private Reply | To 1 | View Replies]

To: James C. Bennett

Wasn’t RSA hacked or compromised earlier this year?


5 posted on 12/20/2013 4:35:46 PM PST by tbw2
[ Post Reply | Private Reply | To 1 | View Replies]

To: James C. Bennett
I have an RSA token for my employer's website.

The idea that an intelligence agency has been subverting security applications should not be a shock to anyone. What bothers me is my perception that safeguards and processes to protect Joe Citizen within the Intelligence Community are being ignored or subverted.

It is an incredible dilemna. As a patriot, I want the NSA to be able to crack into any system. But I also worry about abuse. Who watches the Watchers?

6 posted on 12/20/2013 4:36:17 PM PST by Lysandru
[ Post Reply | Private Reply | To 1 | View Replies]

To: James C. Bennett

RSA is now open to a huge class action lawsuit. They have promoted their product as the gold standard of security. They intentionally lied to the public about the security of their product. And worse, they were paid to insert a security flaw.


7 posted on 12/20/2013 4:36:59 PM PST by Ben Mugged (The number one enemy of liberalism is reality.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: James C. Bennett

Hopefully this causes RSA to go bankrupt. They took 30 pieces of silver to sell their souls.


8 posted on 12/20/2013 4:38:09 PM PST by glorgau
[ Post Reply | Private Reply | To 1 | View Replies]

To: James C. Bennett
there is no honor amongst thieves!




9 posted on 12/20/2013 4:39:55 PM PST by MeshugeMikey ( Visit http://icantenroll.com/ In Glitch We Trust....;o})
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lysandru
As a patriot, I want the NSA to be able to crack into any system.

I'm a citizen and don't want them breaking into any of MY systems. They have no business in there.

10 posted on 12/20/2013 4:40:06 PM PST by glorgau
[ Post Reply | Private Reply | To 6 | View Replies]

To: Lysandru
As a patriot, I want the NSA to be able to crack into any system.

Your brand of “patriotism” would be well received in Cuba or Venezuela.

11 posted on 12/20/2013 4:41:34 PM PST by Rides_A_Red_Horse (Why do you need a fire extinguisher when you can call the fire department?)
[ Post Reply | Private Reply | To 6 | View Replies]

To: James C. Bennett

Old news made new again.

RSA always sucked.


12 posted on 12/20/2013 4:41:37 PM PST by Vendome (Don't take life so seriously-you won't live through it anyway-Enjoy Yourself ala Louis Prima)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MeshugeMikey

TEA and Duck for Christmas?


13 posted on 12/20/2013 4:43:38 PM PST by GeronL (Extra Large Cheesy Over-Stuffed Hobbit)
[ Post Reply | Private Reply | To 9 | View Replies]

To: James C. Bennett

Richard Nixon - “I’m not a crook” - YouTube
https://www.youtube.com/watch?v=sh163n1lJ4M


14 posted on 12/20/2013 4:43:59 PM PST by familyop (We Baby Boomers are croaking in an avalanche of corruption smelled around the planet.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: GeronL

AMEN! barry and the pirates.. ship...has been leaking for months..

the leak is now beyond repair..

their backs ...and been lashed....


15 posted on 12/20/2013 4:45:41 PM PST by MeshugeMikey ( Visit http://icantenroll.com/ In Glitch We Trust....;o})
[ Post Reply | Private Reply | To 13 | View Replies]

To: B4Ranch

How is that disgusting?


16 posted on 12/20/2013 4:47:07 PM PST by austinaero
[ Post Reply | Private Reply | To 3 | View Replies]

To: Lysandru
As a patriot, I want the NSA to be able to crack into any system.

I'm glad I'm not your kind of patriot. I don't want them ever to be able to break into my secure communications. I don't trust them (the NSA) any further than I trust any country's security apparatus.

17 posted on 12/20/2013 4:48:23 PM PST by NewHampshireDuo
[ Post Reply | Private Reply | To 6 | View Replies]

To: James C. Bennett

Has anyone come forward yet to show how much they paid u-soft to install a backdoor in every version of ‘doze? The one where some Unknown Coder listed the call as “NSAbackdoor” or something?


18 posted on 12/20/2013 4:48:38 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
[ Post Reply | Private Reply | To 1 | View Replies]

To: familyop

Point Break version:

http://youtu.be/zo4wvDpuIxM?t=37s


19 posted on 12/20/2013 4:51:51 PM PST by F15Eagle (1Jn4:15;5:4-5,11-13;Mt27:50-54;Mk15:33-34;Jn3:17-18,6:69,11:25,14:6,20:31;Ro10:8-11;1Tm2:5-6;Ti3:4-7)
[ Post Reply | Private Reply | To 14 | View Replies]

To: James C. Bennett

Time to short RSA.


20 posted on 12/20/2013 4:52:17 PM PST by tbpiper
[ Post Reply | Private Reply | To 1 | View Replies]

To: James C. Bennett; Egon

So now who does anybody trust when it comes to operating system security? How do we protect ourselves? Does the NSA have backdoors to every firewall, every malware protection software and every encryption scheme?


21 posted on 12/20/2013 4:52:24 PM PST by RhoTheta ("We're from the Government, and we're here to help you ... NOT")
[ Post Reply | Private Reply | To 1 | View Replies]

To: RhoTheta

To your question... I would have to say YES THEY DO


22 posted on 12/20/2013 4:58:39 PM PST by Ouderkirk (To the left, everything must evidence that this or that strand of leftist theory is true)
[ Post Reply | Private Reply | To 21 | View Replies]

To: tbpiper

Wonder how they did today?


23 posted on 12/20/2013 5:02:07 PM PST by F15Eagle (1Jn4:15;5:4-5,11-13;Mt27:50-54;Mk15:33-34;Jn3:17-18,6:69,11:25,14:6,20:31;Ro10:8-11;1Tm2:5-6;Ti3:4-7)
[ Post Reply | Private Reply | To 20 | View Replies]

To: RhoTheta

Resign yourselves to the certainty that the Feds can and will record, store, read, listen to, look at, disseminate, corrupt and act on any electronic communication you have engaged in, regardless of any security fig leaf you may think you have in place. That includes stuff from decades ago.

Engage the Suck, ‘cause it ain’t going away.


24 posted on 12/20/2013 5:04:37 PM PST by SnuffaBolshevik
[ Post Reply | Private Reply | To 21 | View Replies]

To: James C. Bennett; All
What is the status of PGP these days? I suppose it doesn't
cover all of the applications people want encryption for.
25 posted on 12/20/2013 5:09:30 PM PST by TigersEye (Stupid is a Progressive disease.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: James C. Bennett

Quite a change from the day NSA told people not to use a certain key range with a popular encryption system, without saying why. 3 decades later we learned it was a very good suggestion.


26 posted on 12/20/2013 5:14:29 PM PST by ctdonath2 (Making good people helpless doesn't make bad people harmless.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: lowbridge

C’mon, Eddie. We know all this NSA stuff. Let’s hear what you know about our phony “president.”


27 posted on 12/20/2013 5:16:00 PM PST by txrefugee
[ Post Reply | Private Reply | To 2 | View Replies]

To: James C. Bennett
IMHO, this alone vindicates Snowden.

Government is the greediest, most corrupt and murderous force on Earth.

And the US feral government is among the greediest and most corrupt. The murder will follow shortly.

28 posted on 12/20/2013 5:23:46 PM PST by E. Pluribus Unum (Who knew that one day professional wrestling would be less fake than professional journalism?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: familyop

PLEASE NOTE FOR FUTURE REFERENCE”

Nixon “probably knew” about an operation which burgled a DNC office in order to get more information about a DNC call girl ring.

That is what it was all about.

PLEASE DO NOT COMPARE Nixon to Obama.


29 posted on 12/20/2013 5:32:02 PM PST by golux
[ Post Reply | Private Reply | To 14 | View Replies]

To: James C. Bennett
$10 million seems like a small amount for a security company to sell out their customers and commit seppuku in the process. Screw them all.
30 posted on 12/20/2013 5:37:39 PM PST by Dalberg-Acton
[ Post Reply | Private Reply | To 1 | View Replies]

To: James C. Bennett

I would suggest that anyone who bought the RSA security products immediately sue to obtain a couple of those millions of bribe money.


31 posted on 12/20/2013 5:46:36 PM PST by RetiredTexasVet (Some people might call it a confidence game or swindle, others call it ObamaCare!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: James C. Bennett

Obama is the president that the founding fathers warned us about.


32 posted on 12/20/2013 5:47:31 PM PST by Blood of Tyrants (From time to time the.tree of liberty must be watered with the blood of tyrants and patriots.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lysandru

“As a patriot, I want the NSA to be able to crack into any system. “

Patriots support their government when it is correct and their country all the time.

In this case, NSA - at the direction of the governmnet - is subverting Constitutional Rights without cause.

I do not support their massive espionage against Americans. It is exactly like the STASI on steroids.


33 posted on 12/20/2013 5:48:11 PM PST by aMorePerfectUnion (I grew up in America. I now live in the United States..)
[ Post Reply | Private Reply | To 6 | View Replies]

To: B4Ranch

You are probably right.


34 posted on 12/20/2013 5:50:11 PM PST by Blood of Tyrants (From time to time the.tree of liberty must be watered with the blood of tyrants and patriots.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Lysandru

Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.Benjamin Franklin, Historical Review of Pennsylvania, 1759


35 posted on 12/20/2013 5:53:51 PM PST by Lumper20
[ Post Reply | Private Reply | To 6 | View Replies]

To: Lysandru
As a patriot, I want the NSA to be able to crack into any system. But I also worry about abuse.

By definition, if you create a security system with a "back door" that security system is not secure. If the NSA can open the back door, so can other hackers. RSA has created a Potemkin Village security system.

36 posted on 12/20/2013 5:54:12 PM PST by Flick Lives (Got a problem with the government? Have a complaint. Get a free IRS audit!)
[ Post Reply | Private Reply | To 6 | View Replies]

To: familyop

Nixon was an amateur compared to Obama


37 posted on 12/20/2013 5:59:32 PM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: B4Ranch

The real danger is the NSA isn’t keeping the information to themselves. They are giving the information to the DEA, ATF, DHS, FBI, state and local law enforcement agencies.

Those agencies are lying to defense attorneys and judges about where their leads are coming from.


38 posted on 12/20/2013 6:01:18 PM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: James C. Bennett

The NSA always looking for the backdoor either by hook or crook.


39 posted on 12/20/2013 6:01:29 PM PST by Red Steel
[ Post Reply | Private Reply | To 1 | View Replies]

To: Flick Lives
Absolutely.

And keep in mind; where you have an omni-potent, omni-funded, omni-secret government operation you have wormholes in systems that probably shouldn't have holes. Al-la Doctor Strangelove. How do you recall a B-52, a nuke sub, a commando unit? This thinking is you build in code that can be hacked and you pay for it.

Let's hope we have the resources when it's time to pay the piper.

It is simply wrong to trust these people. Government on steroids is going to be the death of us.

40 posted on 12/20/2013 6:05:29 PM PST by WhoisAlanGreenspan?
[ Post Reply | Private Reply | To 36 | View Replies]

To: RhoTheta

OpenBSD, OpenSSH, OpenVPN, OpenSMPTD, Gnu PG, etc.


41 posted on 12/20/2013 6:18:58 PM PST by LaRueLaDue
[ Post Reply | Private Reply | To 21 | View Replies]

To: James C. Bennett

Impeachment File for the 2014 Impeachment of “B. Hussein Obama,” aka Barry Soetoro, a documented legal citizen of the Sovereign Nation of Indonesia.
________

Documentation File for the 2014 Impeachment of John Boehner for Dereliction of Congressional Duty by Speaker Boehner for failure to appoint a Special NSA Investigator.


42 posted on 12/20/2013 7:56:03 PM PST by Graewoulf (Democrats' Obamacare Socialist Health Insur. Tax violates U.S. Constitution AND Anti-Trust Law.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: James C. Bennett

As a patriot, I want the government weak enough that the citizens can replace it by force if necessary.


43 posted on 12/20/2013 8:27:34 PM PST by freedomfiter2 (Brutal acts of commission and yawning acts of omission both strengthen the hand of the devil.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Blood of Tyrants

Our government is the kind of government our founders went to war to get rid of.


44 posted on 12/20/2013 8:30:50 PM PST by freedomfiter2 (Brutal acts of commission and yawning acts of omission both strengthen the hand of the devil.)
[ Post Reply | Private Reply | To 32 | View Replies]

To: James C. Bennett

I think RSA just died as a company. Who will ever trust them again? My company uses them, nearly dropped them after they were hacked not long ago and we all had to get new fobs. I’ll bet we are off RSA within a few weeks.


45 posted on 12/20/2013 8:35:24 PM PST by ThunderSleeps (Stop obarma now! Stop the hussein - insane agenda!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: TigersEye

PGP FREE: I would think the Windows XP version runs fine on 7 & 8 as well http://www.pgpi.org/products/pgp/versions/freeware/

PGP COMMERCIAL: http://www.symantec.com/encryption

I think it *does* have all the functionality most people need, but the free version is not quite as user friendly as most people are used to. I never tried the commercial one.

I don’t know why people that need encryption don’t use it more. For me, I don’t really need it and figure its use would raise all kinds of red flags, so that’s the trade-off.

The free version for sure, if obtained from a reliable source and verified does not have any backdoors.


46 posted on 12/20/2013 8:47:15 PM PST by expat1000
[ Post Reply | Private Reply | To 25 | View Replies]

To: expat1000
The free version for sure, if obtained from a reliable source and verified does not have any backdoors.

Thank you for the answer and the additional comments about PGP. Haven't seen it mentioned in such a long time I wondered if it had been neutralized by the advances of time and technology.

It occurred to me also that using it would act like a red flag. OTOH if I used it for all communications that's all they would have to be suspicious of.

47 posted on 12/20/2013 8:52:50 PM PST by TigersEye (Stupid is a Progressive disease.)
[ Post Reply | Private Reply | To 46 | View Replies]

To: James C. Bennett
When you purposefully make week encryption so the NSA can crack it, then other code crackers will be able to crack it.

RSA and EMC have opened themselves up to a huge lawsuit. Especially since they touted that their security was well designed. It could not be if it had a flaw in it that RSA purposefully encoded in it.

48 posted on 12/20/2013 10:45:43 PM PST by ColdSteelTalon (Light is fading to shadow, and casting its shroud over all we have known...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: RhoTheta
The best thing to do is find a company that has programmers that have not kowtowed to any government, and that writes encryption without back doors or flaws in the algorithm.

I have heard there are former American citizens who renounced their citizenship so that they could legally write such encryption software.

49 posted on 12/20/2013 10:48:55 PM PST by ColdSteelTalon (Light is fading to shadow, and casting its shroud over all we have known...)
[ Post Reply | Private Reply | To 21 | View Replies]

To: ColdSteelTalon; COUNTrecount; Nowhere Man; FightThePower!; C. Edmund Wright; jacob allen; ...

Nut-job Conspiracy Theory Ping!

To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...

50 posted on 12/21/2013 12:14:39 AM PST by null and void (I'm betting on an Obama Trifecta: A Nobel Peace Prize, an Impeachment, AND a War Crimes Trial...)
[ Post Reply | Private Reply | To 49 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-100 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson