Analytics // Security Monitoring
12:37 PM

RSA Denies Trading Security For NSA Payout

EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.

RSA was put on the defensive on Friday, after a report surfaced suggesting that the EMC-owned security firm accepted a $10 million payment from the National Security Agency (NSA) to select a weak random number generator as the default for its BSAFE encryption libraries.

That allegation was first reported by Reuters, which said it based its report on interviews with a dozen current and former employees of RSA. The alleged "secret" $10 million contract, signed in 2006, would have represented more than one third of the annual revenue of RSA's labs division the year prior to the contract being signed.

On Sunday, RSA issued a statement denying that it had "entered into a 'secret contract' with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries."

The company added that at no point had it built backdoors into its products. "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products," it said. "Decisions about the features and functionality of RSA products are our own."

[Google's biannual report points to an increase in government efforts to erase content that's critical of it. Read Google Says Governments Fight Transparency.]

But according to the Reuters report, the NSA has enjoyed backdoor access to any of those BSAFE-using products for which administrators employed RSA's recommended -- or default -- security settings. How many products would have been vulnerable? According to RSA's website, "BSAFE software is embedded and tested in thousands of commercial applications and is available in C/C++ and Java," including products made by BMC, Datamaxx, and EMC.

The allegations contained in the Reuters report follow the Guardian and The New York Times, among other publications, which detailed in September documents leaked by former agency contractor Edward Snowden concerning Project Bullrun. The NSA project appeared to be designed to give the intelligence agency's analysts the ability to do an end-run around the crypto that's supposed to secure HTTPS, VoIP, and Secure Sockets Layer, among other protocols.

"Project Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies," read a leaked NSA document.

But the documents also documented how the NSA worked with some vendors of commercial encryption products "to make them exploitable," as well as required other U.S. vendors -- in what were described as "commercial relationships with industry partners" -- to add backdoor access to their software and hardware.

According to the Friday report in Reuters, in 2006, RSA's new CEO, Art Coviello, accepted a pitch from the NSA that the security company adopt its Dual Elliptic Curve algorithm (a.k.a. Dual EC DRBG), which is supposed to generate random numbers.

But according to RSA, the choice to select the algorithm dated from 2004. "We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption," said the company's statement. "At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption."

It added that customers have always been free to select from multiple algorithms. "This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs," RSA said.

Earlier this year, in the wake of ongoing disclosures by Snowden, both NIST and RSA began recommending that organizations discontinue using the Dual Elliptic Curve algorithm. But concern over the Dual Elliptic Curve algorithm began in 2006, and was followed by a 2007 Crypto conference revealing what Bruce Schneier, chief security technology officer of BT, described at the time as "a weakness that can only be described as a backdoor."

"This is scary stuff," he said at the time, and recommended that no one use Dual EC DRBG "under any circumstances."

But until September 2013, RSA continued to offer the algorithm as its BSFAFE toolkit library's default option. "We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS [Federal Information Processing Standards] compliance," read RSA's Sunday statement. "When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion."

Documents leaked earlier this year by Snowden have suggested that NIST worked with NSA to actively weaken the encryption protocols used in commercial products.

"We no longer know whom to trust," Schneier said in a Monday blog post. "This is the greatest damage the NSA has done to the Internet, and will be the hardest to fix."

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
User Rank: Ninja
1/4/2014 | 6:56:04 PM
We Didn't Sell no stinkin' backdoor for $10M
Sorry, but I'm not buying the "who me" routine by RSA.  Either it built in backdoors (as evidenced by the 2006 contract and testimony of former employees) or it did not.  RSA cannot have it both ways.  Only uninformed rubes and stockholders will believe their obfuscations and lies.
Faye Kane, homeless brain
Faye Kane, homeless brain,
User Rank: Apprentice
12/27/2013 | 5:32:23 AM
Re: Why in the world is everybody up in arms?? For the sake of privacy?

Yeah, for the sake of privacy! 

I know that's laughable to you NSA spooks, but we don't want the government reading our email, tracking our location, and doing network analysis on our phone calls.

Until we can drag you out of your Secure Location and throw you up against the wall, I expect you to ignore those wishes, but don't insult us by playing stupid.

Faye Kane, homeless brain
Faye Kane, homeless brain,
User Rank: Apprentice
12/27/2013 | 5:13:07 AM
How did anyone get fooled by this?
The random seeds of a crypto algorithm can be anything, as long as they're not all the same and everyone knows what they are. "Nothing up my sleeve numbers" are used specifically to insure that sleazy stuff like this doesn't happen.

As I remember, before 9/11 the random seeds for SHA were the cube roots of the first N digits of the fractional part of e.  But three weeks after 9/11, the NSA told NIST that those weren't "robust enough for future encryption", and handed them a list of magic numbers, with no explanation of what was wrong with the old ones or what was better about the new ones.

Amazingly, NIST said "Okay, no problem!" to what, to me, would have been obvious shenanigans — almost certainly a backdoor.

Sure, a couple of mathematicians like Schneider called bulls hit, but nobody really cared since the NIST said it was cool. Then—surprise!  The NSA turns out to have backdoored the hash function.

Who could EVER have imagined?

My question now is one I have myself been asked many times: How can someone so smart be so stupid??

Do crypto experts just rubber-stamp whatever comes along while waiting for lunchtime?  Didn't anyone find the 9/11 timing suspicious?  Why didn't anyone ask why we needed new random seeds?

These are not rhetorical questions and I would very much like to know the answers.  Unfortunately, I'm not in a position to demand answers, and the people who are, are either too inimidated, too lazy, too timid, or too bribed by the NSA to ask them.

I long ago learned not to trust code written by anyone other than myself, and more recently learned not to trust anyone at all, in any domain.  But there are people who have a lot at stake in secure systems.

Where are they, and why aren't they raising high holy hell?

--faye kane girl brain, sexiest astrophysicist you'll ever see naked
User Rank: Apprentice
12/24/2013 | 3:06:15 PM
Re: What Schneier says... is good enough for me
This is a problem, but it also feels like an opportunity for companies to strengthen security around their products. 

Many organizations have little incentive to operate within the NSA's rules; rather they may have to comply if asked. But there just might be a value proposition in having the ability to offer better security than that of the next rival. That's something to think about. 
User Rank: Apprentice
12/24/2013 | 1:10:21 PM
Re: Who's Against Who?
The right to Privacy is a Constitutional guarantee in this country. Your comments indicate that you should actually take the time to truly understand what that means. Learn about the architecture of our system of government, why it was created that way, what history has taught us about various forms of government, and how our constitution guides and protects that system. We (the US and ostensibly others) now have the technology to snoop on just about every aspect of our daily lives. That doesn't mean that we should just throw down the gauntlet and surrender our Constitutional rights just because some Government authority says you will sleep better at night. Yeah, go ahead and give the NSA the power to scrape all the info they want. And then, think about how one guy like Snowden can walk out the door with all of that in a briefcase. That's the kind of power that can potentially bring down entire countries.
User Rank: Apprentice
12/24/2013 | 12:35:31 PM
Re: What Schneier says... is good enough for me
checkoutthenetworthofsomeofrsa'sinvestors.financebloombergsportsenterpriseproductsenterprisesolutionstradingsolutionsbloomberganywheresearchsavedregistersigninsigninsearch thissiteusescookies.bycontinuingtobrowsethesiteyouareagreeingtoouruseofcookies.xpleaseupgradeyourbrowserforabetteruserexperience.recentmovertwitterinctwtr(nyse)69.36+4.82+7.47%homenewsquickopinionmarketspersonalfinancetechpoliticssustainabilityluxuryvideoradiomorestoriesgetthebloombergwashingtonnewsletter.learnmorenewsattheintersectionofpoliticsandtheeconomy.deliveredweekdaymorningsestcheckyouremailandconfirmyouraddresstostartreceivingnewsletters.resendconfirmationyouaresubscribedtothebloombergwashingtonnewsletter.subscribetomorenewsletters.signup> headlinespopularlatestrecommended'duckdynasty'dadrisks$500millionwithgay-sinremarksecrethandshakesgreetfratbrothersonwallstreetrussiacrisishauntsdeutschebank'ssmithseeingchinabustfordf-150seenborrowingmilitaryarmortoshieldprofitbritishairways747'swingslicesintojohannesburgbuildingwas2013theyearwelostchina?u.s.stocksrisebeforeholidayondurables,housingdatasalesofnewhomesinu.s.exceedforecasts,staynearfiveyearhighkhodorkovskypardonsignalsputinriftwithrussiaoilczarkalashnikovshouldhavemadefarmtoolschinaconfrontsworkforcedropwithretirement-agedelaybestof2013:howroubiniwouldinvest$1,000nowbasedonyourreadinghistoryyoumaylike'duckdynasty'dadrisks$500millionwithgay-sinremarksecrethandshakesgreetfratbrothersonwallstreetrussiacrisishauntsdeutschebank'ssmithseeingchinabustfordf-150seenborrowingmilitaryarmortoshieldprofitbritishairways747'swingslicesintojohannesburgbuildingwas2013theyearwelostchina? couldcadillacbethebest-sellingluxurycarby2019?britishairwaysjumbojetstrikesabuildingwhytheu.s.leavesitscredit-cardsystemvulnerabletofraudmeetthenavy'snew$150msubmarine-destroyingjetthedollarwillneverfalltobitcoinsponsoredcontentsponsoredcontentpromotedcontentpromotedcontentrecommendedvideos02:3902:39senatedelaysyellenvoteaslawmakersleavetown 01:5701:57obamacaregoodenoughforobama? 00:2500:25senatepassesbudgetplanthateasesspendingcuts 09:3609:36carperonfiskeruseofformergmplantindelaware 00:5200:52senateadvancesyellennominations 04:5404:54mcconnellonsenaterules,budget,debtceiling bytaboolabytaboola [replacedtest15]src=""frameborder="0"scrolling="no">,,azdynamicsnav/navision-accountant-nyc-...nigelfrankinternational-unitedstatesaccountantuniversityofarizona-tucson,azjobsby[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_1"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_1"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="300"height="250">advertisements[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_2"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_2"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="88"height="31">[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_3"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_3"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="88"height="31">[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_4"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_4"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="88"height="31"> [replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_0"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_0"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="728"height="90">senateleadersmillionairesinfinancial-disclosuredatabyjonathand.salantandgreggirouxmay22,20139:00pmmt9commentsemailprintsharefacebooktwittergoogle+linkedinemailprintsavephotographer:chipsomodevilla/gettyimagessenatemajorityleaderharryreidandsenatebudgetcommitteechairmanpattymurray...readmoresenatemajorityleaderharryreidandsenatebudgetcommitteechairmanpattymurrayanswerreportersquestionsatthecaptiolonmay9,2013inwashington,dc.closecloseopenphotographer:chipsomodevilla/gettyimagessenatemajorityleaderharryreidandsenatebudgetcommitteechairmanpattymurrayanswerreportersquestionsatthecaptiolonmay9,2013inwashington,dc.[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_5"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_5"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="300"height="600">senatemajorityleaderharryreidandminorityleadermitchmcconnellreportedtheirnetworthinthemillionsofdollarsastheu.s.senatereleasedpersonalfinancialdisclosurereportsforitsmembers.reid,anevadademocrat,reportedassetsofbetween$2.8millionand$6.3million,includingminingclaimsinhishometownofsearchlightvaluedfrom$100,000to$250,000.kentuckyrepublicanmcconnellandhiswife,elainechao,whoservedasu.s.laborsecretaryunderformerpresidentgeorgew.bush,hadassetsofbetween$9.2millionand$36.5million.chao'sincomeincludedfeesfromsittingoncorporateboards,includingrupertmurdoch'snewscorp.(nwsa)andwellsfargo&co.(wfc)lawmakers,requiredtodisclosetheirfinancialassetsonceayear,reporttheirholdingsinbroadranges.mostsenatedemocraticandrepublicanleadersreportedassetswithupperrangesofatleast$1million.thechamber'sthird-rankingdemocrat,charlesschumerofnewyork,reportedthathiswife,irisweinshall,acityuniversityofnewyorkvicechancellor,earnedmorethanhedidlastyear.hersalarywas$234,368whilehiswas$172,887.theyreportedassetsofbetween$368,000and$1million.thesenatedemocraticconferencesecretary,pattymurrayofwashington,reportedwithherhusbandassetsofbetween$565,000and$,minoritywhipjohncornynoftexasreportedassetsofbetween$460,000and$1.4million,andacredit-carddebtofbetween$15,000and$50,000.cornyn,aformertexasattorneygeneralandaformerjudgeonthetexassupremecourtjudge,received$58,939fromtwostateretirementfunds.policycommitteechairmanjohnbarrasso,awyomingrepublican,reportedassetsofbetween$2.7millionand$8.6million.anorthopedicsurgeon,hereceivedbetween$500,000and$1millionfromthesaleofhismedicalpractice,andwaspaid$33,391fromthemedicalpartnershiphewaspartof.republicanconferencechairmanjohnthuneofsouthdakotareportedassetsofbetween$173,000and$596,000.richermembersofthechamberincludesenatecommercecommitteechairmanjayrockefeller,awestvirginiademocrat.hereportedatleast$89millioninassets;amoreprecisenumberisunavailablebecausehelistedhislargestholdingasmorethan$50million.wisconsinrepublicanronjohnson,whofoundedaplasticscompany,reportedassetsbetween$9.2millionand$39.7million.johnsonreportedowninga5percentinterestinthecompany,valuedat$4.5million.rubio'sroyaltiesontheotherhand,senatormarcorubiooffloridareportedapotentiallynegativenetworth,withassetsofbetween$259,000and$860,000andliabilitiesofbetween$450,000and$1million.rubio,aprospective2016republicanpresidentialcandidate,received$800,000inroyaltiesfrompenguingroupusainc.forhis2012memoir,"anamericanson."hepaidoffhisremainingstudentloansofbetween$100,000and$250,000."whenifinishedschool,iowedover$100,000instudentloans,adebtipaidoffjustafewmonthsago,"rubiosaidinfebruaryashedeliveredtheofficialrepublicanresponsetopresidentbarackobama'sstateoftheunionaddress.theyoungestu.s.senator,freshmandemocratchrismurphyofconnecticut,andhiswifeeachowedbetween$15,000and$50,000instudentloans,hisreportshowed.murphy,39,reportedassetsofbetween$70,000and$225,000.warren'sholdingsfreshmansenatorelizabethwarren,amassachusettsdemocratandharvarduniversityemeritusprofessor,andherhusbandbrucemann,aharvardlawprofessor,reportedassetsofbetween$3.8millionand$10.2million.mostofitwasintiaa-creffunds,includingonevaluedatbetween$1millionand$5million.warrenreceived$59,417fromaspenpublishersforaseriesofbooks,including"bankruptcyandarticle9"and"securedcredit:asystemsapproach,"and$103inroyaltiesfromyaleuniversitypressfor"thefragilemiddleclass."senatortedcruz,atexasrepublicanelectedlastnovember,tookapaycuttocometowashington.hewaspaid$1millionlastyearbyhislawfirm.hereportedassetsofbetween$2.2millionand$5.1million,includingan$843,000loantohiscampaignasofdec.31,2012.liabilitiesincludeagoldmansachsgroupinc.(gs)marginloanofbetween$250,000and$500,000.senatorrandpaul,akentuckyrepublicanalsomentionedasapossible2016presidentialcontender,receivedanextensionofthedeadlinetofile.tocontactthereportersonthisstory:[email protected];[email protected][replacedtest32]
User Rank: Apprentice
12/24/2013 | 9:57:18 AM
Who to Trust?
Schneier hits it on the head.  "We no longer know whom to trust.  This is the greatest damage the NSA has done to the Internet, and will be the hardest to fix."  Who DO you trust?  Management in many industries does not like security.  It's invasive, slows them down, makes it harder to use their smartphones when driving.  Now they have more excuses to do nothing.
User Rank: Apprentice
12/24/2013 | 9:22:08 AM
Who's Against Who?
The NSA is busy keeping you (us) protected from organized terror, etc. Why in the world is everybody up in arms and shooting themselves in the foot?? For the sake of privacy? Governments have had their agents and double agents around for over a hundred years, why is everybody waking up just now? Our taxes from our hard-earned money go to the NSA. So who's exactly against who??
User Rank: Apprentice
12/23/2013 | 7:31:57 PM
Re: Quid pro what?
WKash, good thougts.  I guess it is just unfortunate that they cashed in their trust, skirted around the law and constitution, and (at best) mislead Congress under oath.  During 2000, I was an active Linux kernel maintainer and was quite enthralled with SELinux.  At the time I was proud to tout that our IT department was adopting security tools released by the NSA.  Today, I'd be laughed at if not dismissed for making the same claims.
User Rank: Apprentice
12/23/2013 | 7:02:12 PM
Re: Quid pro what?
Fill, it's certainly speculation to guess what the NSA and the administration were thinking since 2000. But NSA Dir. Gen. Alexander has made it apparent in the speeches I've heard him give over the past three yeas that 9/11 attacks (yes during the Bush/Cheney years) cast the work of NSA under a heavier mandate to track down terrorists. At the same time, the resouces became available to tackle much larger volumes of information but not the time to crack the encryption on all that data. So they had to find ways around the problem.    
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.