NSA paid RSA $10 million for encryption access

Malware

by Ben Sullivan| 21 December 2013

Security firm created a 'back door' for NSA by offering flawed security.

The NSA paid security firm RSA $10 million to provide a workaround for its encryption systems, allowing the National Security Agency to gain access to supposedly encrypted communications all around the world.

In September it was revealed that the NSA may have had access to encrypted communications following further Snowden revelations reported in The Guardian and the New York Times newspapers. The newspapers then accused RSA of deliberately adding the flawed algorithm, but no link between the NSA and RSA was proven and RSA subsequently issued a warning to its customers.

However, according to an exclusive Reuters report, it has been revealed that a sum of $10 million was provided to RSA by the National Security Agency to keep "its back doors open".

Reuters said: "Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract.

"Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show."

Neither the NSA or RSA have acknowledged the payment revelations, but Reuters claims to have heavily vetted the story with RSA secret sources.

In September, RSA said that it "always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own."

But several RSA employees interviewed by Reuters said that RSA was "misled by government officials" who portrayed the formula as a secure technological advance.

"They did not show their true hand," one source said of the NSA.

NSA officials continue to defend the agency's actions, claiming it will put the US at considerable risk if messages from terrorists and spies cannot be deciphered.

But some experts argue that such efforts could actually undermine national security, noting that any back doors inserted into encryption programs can be exploited by those outside the government.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

716 people like this.
1558 people follow this.

Malware Intelligence

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.