Analytics // Security Monitoring
12/23/2013
12:37 PM
Connect Directly
RSS
E-Mail
50%
50%

RSA Denies Trading Security For NSA Payout

EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.

RSA was put on the defensive on Friday, after a report surfaced suggesting that the EMC-owned security firm accepted a $10 million payment from the National Security Agency (NSA) to select a weak random number generator as the default for its BSAFE encryption libraries.

That allegation was first reported by Reuters, which said it based its report on interviews with a dozen current and former employees of RSA. The alleged "secret" $10 million contract, signed in 2006, would have represented more than one third of the annual revenue of RSA's labs division the year prior to the contract being signed.

On Sunday, RSA issued a statement denying that it had "entered into a 'secret contract' with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries."

The company added that at no point had it built backdoors into its products. "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products," it said. "Decisions about the features and functionality of RSA products are our own."

[Google's biannual report points to an increase in government efforts to erase content that's critical of it. Read Google Says Governments Fight Transparency.]

But according to the Reuters report, the NSA has enjoyed backdoor access to any of those BSAFE-using products for which administrators employed RSA's recommended -- or default -- security settings. How many products would have been vulnerable? According to RSA's website, "BSAFE software is embedded and tested in thousands of commercial applications and is available in C/C++ and Java," including products made by BMC, Datamaxx, and EMC.

The allegations contained in the Reuters report follow the Guardian and The New York Times, among other publications, which detailed in September documents leaked by former agency contractor Edward Snowden concerning Project Bullrun. The NSA project appeared to be designed to give the intelligence agency's analysts the ability to do an end-run around the crypto that's supposed to secure HTTPS, VoIP, and Secure Sockets Layer, among other protocols.

"Project Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies," read a leaked NSA document.

But the documents also documented how the NSA worked with some vendors of commercial encryption products "to make them exploitable," as well as required other U.S. vendors -- in what were described as "commercial relationships with industry partners" -- to add backdoor access to their software and hardware.

According to the Friday report in Reuters, in 2006, RSA's new CEO, Art Coviello, accepted a pitch from the NSA that the security company adopt its Dual Elliptic Curve algorithm (a.k.a. Dual EC DRBG), which is supposed to generate random numbers.

But according to RSA, the choice to select the algorithm dated from 2004. "We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption," said the company's statement. "At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption."

It added that customers have always been free to select from multiple algorithms. "This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs," RSA said.

Earlier this year, in the wake of ongoing disclosures by Snowden, both NIST and RSA began recommending that organizations discontinue using the Dual Elliptic Curve algorithm. But concern over the Dual Elliptic Curve algorithm began in 2006, and was followed by a 2007 Crypto conference revealing what Bruce Schneier, chief security technology officer of BT, described at the time as "a weakness that can only be described as a backdoor."

"This is scary stuff," he said at the time, and recommended that no one use Dual EC DRBG "under any circumstances."

But until September 2013, RSA continued to offer the algorithm as its BSFAFE toolkit library's default option. "We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS [Federal Information Processing Standards] compliance," read RSA's Sunday statement. "When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion."

Documents leaked earlier this year by Snowden have suggested that NIST worked with NSA to actively weaken the encryption protocols used in commercial products.

"We no longer know whom to trust," Schneier said in a Monday blog post. "This is the greatest damage the NSA has done to the Internet, and will be the hardest to fix."

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
asksqn
50%
50%
asksqn,
User Rank: Apprentice
1/4/2014 | 6:56:04 PM
We Didn't Sell no stinkin' backdoor for $10M
Sorry, but I'm not buying the "who me" routine by RSA.  Either it built in backdoors (as evidenced by the 2006 contract and testimony of former employees) or it did not.  RSA cannot have it both ways.  Only uninformed rubes and stockholders will believe their obfuscations and lies.
Faye Kane, homeless brain
50%
50%
Faye Kane, homeless brain,
User Rank: Apprentice
12/27/2013 | 5:32:23 AM
Re: Why in the world is everybody up in arms?? For the sake of privacy?
 

Yeah, for the sake of privacy! 

I know that's laughable to you NSA spooks, but we don't want the government reading our email, tracking our location, and doing network analysis on our phone calls.

Until we can drag you out of your Secure Location and throw you up against the wall, I expect you to ignore those wishes, but don't insult us by playing stupid.

-flk
Faye Kane, homeless brain
100%
0%
Faye Kane, homeless brain,
User Rank: Apprentice
12/27/2013 | 5:13:07 AM
How did anyone get fooled by this?
The random seeds of a crypto algorithm can be anything, as long as they're not all the same and everyone knows what they are. "Nothing up my sleeve numbers" are used specifically to insure that sleazy stuff like this doesn't happen.

As I remember, before 9/11 the random seeds for SHA were the cube roots of the first N digits of the fractional part of e.  But three weeks after 9/11, the NSA told NIST that those weren't "robust enough for future encryption", and handed them a list of magic numbers, with no explanation of what was wrong with the old ones or what was better about the new ones.

Amazingly, NIST said "Okay, no problem!" to what, to me, would have been obvious shenanigans — almost certainly a backdoor.

Sure, a couple of mathematicians like Schneider called bulls hit, but nobody really cared since the NIST said it was cool. Then—surprise!  The NSA turns out to have backdoored the hash function.

Who could EVER have imagined?

My question now is one I have myself been asked many times: How can someone so smart be so stupid??

Do crypto experts just rubber-stamp whatever comes along while waiting for lunchtime?  Didn't anyone find the 9/11 timing suspicious?  Why didn't anyone ask why we needed new random seeds?

These are not rhetorical questions and I would very much like to know the answers.  Unfortunately, I'm not in a position to demand answers, and the people who are, are either too inimidated, too lazy, too timid, or too bribed by the NSA to ask them.

I long ago learned not to trust code written by anyone other than myself, and more recently learned not to trust anyone at all, in any domain.  But there are people who have a lot at stake in secure systems.

Where are they, and why aren't they raising high holy hell?

--faye kane girl brain, sexiest astrophysicist you'll ever see naked
danielcawrey
50%
50%
danielcawrey,
User Rank: Apprentice
12/24/2013 | 3:06:15 PM
Re: What Schneier says... is good enough for me
This is a problem, but it also feels like an opportunity for companies to strengthen security around their products. 

Many organizations have little incentive to operate within the NSA's rules; rather they may have to comply if asked. But there just might be a value proposition in having the ability to offer better security than that of the next rival. That's something to think about. 
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
12/24/2013 | 1:10:21 PM
Re: Who's Against Who?
The right to Privacy is a Constitutional guarantee in this country. Your comments indicate that you should actually take the time to truly understand what that means. Learn about the architecture of our system of government, why it was created that way, what history has taught us about various forms of government, and how our constitution guides and protects that system. We (the US and ostensibly others) now have the technology to snoop on just about every aspect of our daily lives. That doesn't mean that we should just throw down the gauntlet and surrender our Constitutional rights just because some Government authority says you will sleep better at night. Yeah, go ahead and give the NSA the power to scrape all the info they want. And then, think about how one guy like Snowden can walk out the door with all of that in a briefcase. That's the kind of power that can potentially bring down entire countries.
cheesemoma
0%
100%
cheesemoma,
User Rank: Apprentice
12/24/2013 | 12:35:31 PM
Re: What Schneier says... is good enough for me
checkoutthenetworthofsomeofrsa'sinvestors.financebloombergsportsenterpriseproductsenterprisesolutionstradingsolutionsbloomberganywheresearchsavedregistersigninsigninsearch thissiteusescookies.bycontinuingtobrowsethesiteyouareagreeingtoouruseofcookies.xpleaseupgradeyourbrowserforabetteruserexperience.recentmovertwitterinctwtr(nyse)69.36+4.82+7.47%homenewsquickopinionmarketspersonalfinancetechpoliticssustainabilityluxuryvideoradiomorestoriesgetthebloombergwashingtonnewsletter.learnmorenewsattheintersectionofpoliticsandtheeconomy.deliveredweekdaymorningsestcheckyouremailandconfirmyouraddresstostartreceivingnewsletters.resendconfirmationyouaresubscribedtothebloombergwashingtonnewsletter.subscribetomorenewsletters.signup> headlinespopularlatestrecommended'duckdynasty'dadrisks$500millionwithgay-sinremarksecrethandshakesgreetfratbrothersonwallstreetrussiacrisishauntsdeutschebank'ssmithseeingchinabustfordf-150seenborrowingmilitaryarmortoshieldprofitbritishairways747'swingslicesintojohannesburgbuildingwas2013theyearwelostchina?u.s.stocksrisebeforeholidayondurables,housingdatasalesofnewhomesinu.s.exceedforecasts,staynearfiveyearhighkhodorkovskypardonsignalsputinriftwithrussiaoilczarkalashnikovshouldhavemadefarmtoolschinaconfrontsworkforcedropwithretirement-agedelaybestof2013:howroubiniwouldinvest$1,000nowbasedonyourreadinghistoryyoumaylike'duckdynasty'dadrisks$500millionwithgay-sinremarksecrethandshakesgreetfratbrothersonwallstreetrussiacrisishauntsdeutschebank'ssmithseeingchinabustfordf-150seenborrowingmilitaryarmortoshieldprofitbritishairways747'swingslicesintojohannesburgbuildingwas2013theyearwelostchina? couldcadillacbethebest-sellingluxurycarby2019?britishairwaysjumbojetstrikesabuildingwhytheu.s.leavesitscredit-cardsystemvulnerabletofraudmeetthenavy'snew$150msubmarine-destroyingjetthedollarwillneverfalltobitcoinsponsoredcontentsponsoredcontentpromotedcontentpromotedcontentrecommendedvideos02:3902:39senatedelaysyellenvoteaslawmakersleavetown 01:5701:57obamacaregoodenoughforobama? 00:2500:25senatepassesbudgetplanthateasesspendingcuts 09:3609:36carperonfiskeruseofformergmplantindelaware 00:5200:52senateadvancesyellennominations 04:5404:54mcconnellonsenaterules,budget,debtceiling bytaboolabytaboola [replacedtest15]src="http://www.bloomberg.com/bcom/article/iframe/google-adwords"frameborder="0"scrolling="no">postajobsearchjobstaxadvisorspecialistparttimecpaor...intuit-tucson,azsenioraccountant-considerowninga...selectingafranchise.com-unitedstatesinternalwholesalerdavisselectedadvisers-tucson,azdynamicsnav/navision-accountant-nyc-...nigelfrankinternational-unitedstatesaccountantuniversityofarizona-tucson,azjobsby[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_1"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_1"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="300"height="250">advertisements[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_2"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_2"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="88"height="31">[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_3"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_3"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="88"height="31">[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_4"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_4"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="88"height="31"> [replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_0"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_0"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="728"height="90">senateleadersmillionairesinfinancial-disclosuredatabyjonathand.salantandgreggirouxmay22,20139:00pmmt9commentsemailprintsharefacebooktwittergoogle+linkedinemailprintsavephotographer:chipsomodevilla/gettyimagessenatemajorityleaderharryreidandsenatebudgetcommitteechairmanpattymurray...readmoresenatemajorityleaderharryreidandsenatebudgetcommitteechairmanpattymurrayanswerreportersquestionsatthecaptiolonmay9,2013inwashington,dc.closecloseopenphotographer:chipsomodevilla/gettyimagessenatemajorityleaderharryreidandsenatebudgetcommitteechairmanpattymurrayanswerreportersquestionsatthecaptiolonmay9,2013inwashington,dc.[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_5"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_5"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="300"height="600">senatemajorityleaderharryreidandminorityleadermitchmcconnellreportedtheirnetworthinthemillionsofdollarsastheu.s.senatereleasedpersonalfinancialdisclosurereportsforitsmembers.reid,anevadademocrat,reportedassetsofbetween$2.8millionand$6.3million,includingminingclaimsinhishometownofsearchlightvaluedfrom$100,000to$250,000.kentuckyrepublicanmcconnellandhiswife,elainechao,whoservedasu.s.laborsecretaryunderformerpresidentgeorgew.bush,hadassetsofbetween$9.2millionand$36.5million.chao'sincomeincludedfeesfromsittingoncorporateboards,includingrupertmurdoch'snewscorp.(nwsa)andwellsfargo&co.(wfc)lawmakers,requiredtodisclosetheirfinancialassetsonceayear,reporttheirholdingsinbroadranges.mostsenatedemocraticandrepublicanleadersreportedassetswithupperrangesofatleast$1million.thechamber'sthird-rankingdemocrat,charlesschumerofnewyork,reportedthathiswife,irisweinshall,acityuniversityofnewyorkvicechancellor,earnedmorethanhedidlastyear.hersalarywas$234,368whilehiswas$172,887.theyreportedassetsofbetween$368,000and$1million.thesenatedemocraticconferencesecretary,pattymurrayofwashington,reportedwithherhusbandassetsofbetween$565,000and$1.5million.senatemajoritywhipricharddurbinofillinoisreceivedanextensionofthemay15filingdeadline.credit-carddebtontherepublicanside,minoritywhipjohncornynoftexasreportedassetsofbetween$460,000and$1.4million,andacredit-carddebtofbetween$15,000and$50,000.cornyn,aformertexasattorneygeneralandaformerjudgeonthetexassupremecourtjudge,received$58,939fromtwostateretirementfunds.policycommitteechairmanjohnbarrasso,awyomingrepublican,reportedassetsofbetween$2.7millionand$8.6million.anorthopedicsurgeon,hereceivedbetween$500,000and$1millionfromthesaleofhismedicalpractice,andwaspaid$33,391fromthemedicalpartnershiphewaspartof.republicanconferencechairmanjohnthuneofsouthdakotareportedassetsofbetween$173,000and$596,000.richermembersofthechamberincludesenatecommercecommitteechairmanjayrockefeller,awestvirginiademocrat.hereportedatleast$89millioninassets;amoreprecisenumberisunavailablebecausehelistedhislargestholdingasmorethan$50million.wisconsinrepublicanronjohnson,whofoundedaplasticscompany,reportedassetsbetween$9.2millionand$39.7million.johnsonreportedowninga5percentinterestinthecompany,valuedat$4.5million.rubio'sroyaltiesontheotherhand,senatormarcorubiooffloridareportedapotentiallynegativenetworth,withassetsofbetween$259,000and$860,000andliabilitiesofbetween$450,000and$1million.rubio,aprospective2016republicanpresidentialcandidate,received$800,000inroyaltiesfrompenguingroupusainc.forhis2012memoir,"anamericanson."hepaidoffhisremainingstudentloansofbetween$100,000and$250,000."whenifinishedschool,iowedover$100,000instudentloans,adebtipaidoffjustafewmonthsago,"rubiosaidinfebruaryashedeliveredtheofficialrepublicanresponsetopresidentbarackobama'sstateoftheunionaddress.theyoungestu.s.senator,freshmandemocratchrismurphyofconnecticut,andhiswifeeachowedbetween$15,000and$50,000instudentloans,hisreportshowed.murphy,39,reportedassetsofbetween$70,000and$225,000.warren'sholdingsfreshmansenatorelizabethwarren,amassachusettsdemocratandharvarduniversityemeritusprofessor,andherhusbandbrucemann,aharvardlawprofessor,reportedassetsofbetween$3.8millionand$10.2million.mostofitwasintiaa-creffunds,includingonevaluedatbetween$1millionand$5million.warrenreceived$59,417fromaspenpublishersforaseriesofbooks,including"bankruptcyandarticle9"and"securedcredit:asystemsapproach,"and$103inroyaltiesfromyaleuniversitypressfor"thefragilemiddleclass."senatortedcruz,atexasrepublicanelectedlastnovember,tookapaycuttocometowashington.hewaspaid$1millionlastyearbyhislawfirm.hereportedassetsofbetween$2.2millionand$5.1million,includingan$843,000loantohiscampaignasofdec.31,2012.liabilitiesincludeagoldmansachsgroupinc.(gs)marginloanofbetween$250,000and$500,000.senatorrandpaul,akentuckyrepublicanalsomentionedasapossible2016presidentialcontender,receivedanextensionofthedeadlinetofile.tocontactthereportersonthisstory:jonathand.salantinwashingtonatjsalant@bloomberg.net;greggirouxinwashingtonatggiroux@bloomberg.net.[replacedtest32]
J_Brandt
50%
50%
J_Brandt,
User Rank: Apprentice
12/24/2013 | 9:57:18 AM
Who to Trust?
Schneier hits it on the head.  "We no longer know whom to trust.  This is the greatest damage the NSA has done to the Internet, and will be the hardest to fix."  Who DO you trust?  Management in many industries does not like security.  It's invasive, slows them down, makes it harder to use their smartphones when driving.  Now they have more excuses to do nothing.
DovA648
50%
50%
DovA648,
User Rank: Apprentice
12/24/2013 | 9:22:08 AM
Who's Against Who?
The NSA is busy keeping you (us) protected from organized terror, etc. Why in the world is everybody up in arms and shooting themselves in the foot?? For the sake of privacy? Governments have had their agents and double agents around for over a hundred years, why is everybody waking up just now? Our taxes from our hard-earned money go to the NSA. So who's exactly against who??
Fill
100%
0%
Fill,
User Rank: Apprentice
12/23/2013 | 7:31:57 PM
Re: Quid pro what?
WKash, good thougts.  I guess it is just unfortunate that they cashed in their trust, skirted around the law and constitution, and (at best) mislead Congress under oath.  During 2000, I was an active Linux kernel maintainer and was quite enthralled with SELinux.  At the time I was proud to tout that our IT department was adopting security tools released by the NSA.  Today, I'd be laughed at if not dismissed for making the same claims.
WKash
100%
0%
WKash,
User Rank: Apprentice
12/23/2013 | 7:02:12 PM
Re: Quid pro what?
Fill, it's certainly speculation to guess what the NSA and the administration were thinking since 2000. But NSA Dir. Gen. Alexander has made it apparent in the speeches I've heard him give over the past three yeas that 9/11 attacks (yes during the Bush/Cheney years) cast the work of NSA under a heavier mandate to track down terrorists. At the same time, the resouces became available to tackle much larger volumes of information but not the time to crack the encryption on all that data. So they had to find ways around the problem.    
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0985
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.

CVE-2014-0986
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.

CVE-2014-0987
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter.

CVE-2014-0988
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter.

CVE-2014-0989
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter.

Best of the Web
Dark Reading Radio