News that the NSA had asked RSA to implement backdoors in its encryption has been known since September. Recently, however, it has come to light that the NSA bribed RSA to the tune of $10 million for these flaws to be kept in. Reuters reported this on Friday, stating:
“Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.”
and:
“An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST’s blessing is required for many products sold to the government and often sets a broader de facto standard.
RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.”
This news has shocked many, as RSA was known for pushing privacy and security and even helped to stop the NSA from installing chips to spy on communications equipment and computers back in the 1990s.
As more and more information comes to light about the shady backroom dealings of years past, one has to question everything one took for granted about security. It was common knowledge that the government and its agencies had been watching communications in the past, but the Snowden documents have revealed the extent to the public and confirm the tactics many had speculated about before.
Bruce Schneier, a respected figure in the security world, is quoted as saying: “You think they only bribed one company in the history of their operations? What’s at play here is that we don’t know who’s involved,” he said. “…You have no idea who else was bribed, so you don’t know who else you can trust.”
According to Reuters, the NSA declined to comment on the news.