NSA Paid RSA $10 Million to Use Flawed Security Standard

RSA Security was paid $10 million by the National Security Agency (NSA) to fold a deliberately flawed encryption standard into its software, a Reuters report says.

The company, whose SecurID tokens and software are used by millions of smartphone users and corporate employees worldwide, made a pseudo-random number generator called Dual_EC_DRBG the default selection in its BSAFE encryption software toolkit in 2006.

Two sources told Reuters reporter Joseph Menn that setting Dual_EC_DRBG as the default was key to a $10 million contract the company had signed with the NSA that year. The BSAFE division had taken in only $27.5 million in revenue in 2005.

MORE: Should You Trust U.S. Companies With Your Data?

"Now we know that RSA was bribed," security expert Bruce Schneier told CNET following the publication of the Reuters story. "I sure as hell wouldn't trust them."

Some current and former RSA Security employees told Menn the company was duped into trusting the NSA, which sets security standards for companies seeking government contracts.

"They did not show their true hand," one source told Menn.

Other blamed a changing corporate culture. The company, which during the 1990s led the successful fight against the NSA's proposed mandatory Clipper Chip, which would have decrypted cellphone conversations, was by the mid-2000s a much larger corporation, and many key employees had moved on.

"When I joined there were 10 people in the labs, and we were fighting the NSA," an employee who left in 2005 told Menn. "It became a very different company later on."

Random numbers that weren't random at all

BSAFE is used by software developers, chiefly anti-virus software maker McAfee and RSA itself, to secure their products. It is not used in RSA's SecurID tokens or software.

Pseudo-random number generators, or PRNGs, are essential to the encryption methods that underlie most secure electronic communications.

In September of this year, documents revealed by NSA turncoat Edward Snowden showed that the NSA had secretly undermined Dual_EC_DRBG (short for Dual Elliptic Curve Deterministic Random Bit Generation).

MORE: Why the Latest NSA Leak Is the Scariest of All

The revelation greatly upset many in the information-security community who had trusted the agency as a partner in developing encryption standards and security best practices.

Dual_EC_DRBG had been regarded with suspicion by cryptography experts ever since a 2007 paper, written by two Microsoft researchers, showed that it contained hidden mathematical relationships that made presumably random numbers not random at all.

The flaw could be exploited by the holder of a certain number, unknown to the researchers, and amounted to a "backdoor," a secret way to decrypt any information that had been encrypted using Dual_EC_DRBG.

Following the Snowden revelation,RSA Security advised its customers who used BSAFE to switch to another PRNG.

Another stain on a once-stellar reputation

RSA Security is one of the best-known brands in the worldwide security-software field. It was founded in 1982 by three Massachusetts Institute of Technology cryptographers who had created the RSA encryption algorithm five years earlier.

The company, based in the Boston suburbs, was bought by EMC Corporation in September 2006, after the BSAFE contract with the NSA was finalized.

The company's SecurID tokens were fatally compromised in March 2011 following a data breach by Chinese hackers who obtained the "seeds," or secret numbers, for token encryption-key generation.

The company was widely blamed for not disclosing the seriousness of the breach for three months after its initial disclosure, during which time the cracked SecurID tokens were used to steal military blueprints from U.S. defense contractors.

RSA Security hosts the annual RSA Security Conference, a giant week-long industry event held every February in San Francisco.

"If the Reuters story is true, I — for one — will be cancelling my invited talk and my panel participation in the upcoming RSA Conference," tweeted F-Secure researcher Mikko Hypponen, among the most respected people in the information-security industry, after the Reuters story broke.

Follow Paul Wagenseil at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.

This thread is closed for comments
    Your comment
    Top Comments
  • WhoMovedMyFreedom
    Thanks to the heroic freedom-fighter and whistle-blower Edward J. Snowden we now know that an army of private contractors and the US Military unlawfully monitors everyone’s telephone traffic, all your contact lists, text messages, passwords, GPS locations with dates and time, FaceBook posts & pictures, LinkedIn pages & pictures, your search engine keywords entered (yes – even the keywords typed in but you don’t press the enter key), all web sites visited, all your credit card numbers, all your inbound and outbound e-mail messages, your voice-print, and facial image (for facial recognition devices planted around the world used to identify your movement). They have also now installed traffic cameras in a ll major metro areas and on police cars that scan license plate tags and store that information in databases. I believe those databases are shared with the NSA. They store all that information permanently, under your name, at the US Military’s new massive Utah Data Center and can pull it up at any time in the future. They can even freely tap into the microphone and/or camera on your smart phone, tablet, laptop, PC, automobile’s OnStar system, xBox and similar Internet connected devices. Rest assured – if it connects to the Internet – the US Military can tap into it and illegally monitor you. And now we have learned they have back door access into all of RSA's encryption tools.
  • The NSA shills are out in full swing I see

    We have documents that prove that the nsa paid to put in a back door, and and the nsa shills turn right up denying it
  • Other Comments
  • I'm actually starting to question the reliability of some of these rumors. I mean, the NSA doesn't need to bribe them to put a flaw in as they can do it themselves.
  • This another one of those "We need an NSA headline!" articles. The weaknesses for Dual_EC_DRBG have been known for a long time. It's unlikely that the NSA paid for the backdoor, they can pay their own people less for better results. As it is getting random numbers right is notoriously difficult, just google if want an interesting read on the subject.
  • The NSA shills are out in full swing I see

    We have documents that prove that the nsa paid to put in a back door, and and the nsa shills turn right up denying it