NSA Paid a Huge Security Firm $10 Million to Keep Encryption Weak
Posted on 12/20/2013 4:16:47 PM PST by James C. Bennett
Reuters reports that the NSA paid massive computer security firm RSA $10 million to promote a flawed encryption system so that the surveillance organization could wiggle its way around security. In other words, the NSA bribed the firm to leave the back door to computers all over the world open.
Thanks to documents leaked by Edward Snowden, we already knew the NSA played a central role in promoting a flawed formula for generating random numbers, which, if used in encryption, essentially gives the spies easy access to computing systems. A piece of RSA software, bSafe, became the most significant vector for the security flaw. The encryption tools which hundreds of millions of people rely on to protect the private information are significantly weaker as a result.
The sickening revelation is that the NSA paid RSA to make sure that the formula got into the software just the way they wanted it to. Both the NSA and RSA haven't directly acknowledged the deal, but Reuters claims to have thoroughly vetted it with sources inside the security company.
The report is just the latest which shows that, in an effort to collect as much information as possible, the NSA has been systematically undermining security infrastructure for decades. While some of Reuters' sources appear to think that RSA was duped by the government, it seems pretty clear now that the company knew what it was doing when it entered into a secret contract with the NSA. Disgusting.
What’s disgusting is that everyone believes that NSA is the only Agency low enough to do such a thing. I’ll bet my life that England, China, Russia and Germany Intels were all doing the same tricks.
It will cost RSA a lot more than 10mil to recover from this.
Wasn’t RSA hacked or compromised earlier this year?
The idea that an intelligence agency has been subverting security applications should not be a shock to anyone. What bothers me is my perception that safeguards and processes to protect Joe Citizen within the Intelligence Community are being ignored or subverted.
It is an incredible dilemma. As a patriot, I want the NSA to be able to crack into any system. But I also worry about abuse. Who watches the Watchers?
RSA is now open to a huge class action lawsuit. They have promoted their product as the gold standard of security. They intentionally lied to the public about the security of their product. And worse, they were paid to insert a security flaw.
Hopefully this causes RSA to go bankrupt. They took 30 pieces of silver to sell their souls.
I'm a citizen and don't want them breaking into any of MY systems. They have no business in there.
Your brand of “patriotism” would be well received in Cuba or Venezuela.
Old news made new again.
RSA always sucked.
TEA and Duck for Christmas?
Richard Nixon - “I’m not a crook” - YouTube
AMEN! barry and the pirates.. ship...has been leaking for months..
the leak is now beyond repair..
their backs ...and been lashed....
How is that disgusting?
I'm glad I'm not your kind of patriot. I don't want them ever to be able to break into my secure communications. I don't trust them (the NSA) any further than I trust any country's security apparatus.
Has anyone come forward yet to show how much they paid u-soft to install a backdoor in every version of ‘doze? The one where some Unknown Coder listed the call as “NSAbackdoor” or something?
Time to short RSA.