Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics //

Security Monitoring

RSA Denies Trading Security For NSA Payout

EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.

RSA was put on the defensive on Friday, after a report surfaced suggesting that the EMC-owned security firm accepted a $10 million payment from the National Security Agency (NSA) to select a weak random number generator as the default for its BSAFE encryption libraries.

That allegation was first reported by Reuters, which said it based its report on interviews with a dozen current and former employees of RSA. The alleged "secret" $10 million contract, signed in 2006, would have represented more than one third of the annual revenue of RSA's labs division the year prior to the contract being signed.

On Sunday, RSA issued a statement denying that it had "entered into a 'secret contract' with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries."

The company added that at no point had it built backdoors into its products. "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products," it said. "Decisions about the features and functionality of RSA products are our own."

[Google's biannual report points to an increase in government efforts to erase content that's critical of it. Read Google Says Governments Fight Transparency.]

But according to the Reuters report, the NSA has enjoyed backdoor access to any of those BSAFE-using products for which administrators employed RSA's recommended -- or default -- security settings. How many products would have been vulnerable? According to RSA's website, "BSAFE software is embedded and tested in thousands of commercial applications and is available in C/C++ and Java," including products made by BMC, Datamaxx, and EMC.

The allegations contained in the Reuters report follow the Guardian and The New York Times, among other publications, which detailed in September documents leaked by former agency contractor Edward Snowden concerning Project Bullrun. The NSA project appeared to be designed to give the intelligence agency's analysts the ability to do an end-run around the crypto that's supposed to secure HTTPS, VoIP, and Secure Sockets Layer, among other protocols.

"Project Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies," read a leaked NSA document.

But the documents also documented how the NSA worked with some vendors of commercial encryption products "to make them exploitable," as well as required other U.S. vendors -- in what were described as "commercial relationships with industry partners" -- to add backdoor access to their software and hardware.

According to the Friday report in Reuters, in 2006, RSA's new CEO, Art Coviello, accepted a pitch from the NSA that the security company adopt its Dual Elliptic Curve algorithm (a.k.a. Dual EC DRBG), which is supposed to generate random numbers.

But according to RSA, the choice to select the algorithm dated from 2004. "We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption," said the company's statement. "At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption."

It added that customers have always been free to select from multiple algorithms. "This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs," RSA said.

Earlier this year, in the wake of ongoing disclosures by Snowden, both NIST and RSA began recommending that organizations discontinue using the Dual Elliptic Curve algorithm. But concern over the Dual Elliptic Curve algorithm began in 2006, and was followed by a 2007 Crypto conference revealing what Bruce Schneier, chief security technology officer of BT, described at the time as "a weakness that can only be described as a backdoor."

"This is scary stuff," he said at the time, and recommended that no one use Dual EC DRBG "under any circumstances."

But until September 2013, RSA continued to offer the algorithm as its BSFAFE toolkit library's default option. "We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS [Federal Information Processing Standards] compliance," read RSA's Sunday statement. "When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion."

Documents leaked earlier this year by Snowden have suggested that NIST worked with NSA to actively weaken the encryption protocols used in commercial products.

"We no longer know whom to trust," Schneier said in a Monday blog post. "This is the greatest damage the NSA has done to the Internet, and will be the hardest to fix."

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
User Rank: Ninja
1/4/2014 | 6:56:04 PM
We Didn't Sell no stinkin' backdoor for $10M
Sorry, but I'm not buying the "who me" routine by RSA.  Either it built in backdoors (as evidenced by the 2006 contract and testimony of former employees) or it did not.  RSA cannot have it both ways.  Only uninformed rubes and stockholders will believe their obfuscations and lies.
noah body
noah body,
User Rank: Apprentice
12/27/2013 | 5:32:23 AM
Re: Why in the world is everybody up in arms?? For the sake of privacy?

Yeah, for the sake of privacy! 

I know that's laughable to you NSA spooks, but we don't want the government reading our email, tracking our location, and doing network analysis on our phone calls.

Until we can drag you out of your Secure Location and throw you up against the wall, I expect you to ignore those wishes, but don't insult us by playing stupid.

noah body
noah body,
User Rank: Apprentice
12/27/2013 | 5:13:07 AM
How did anyone get fooled by this?
The random seeds of a crypto algorithm can be anything, as long as they're not all the same and everyone knows what they are. "Nothing up my sleeve numbers" are used specifically to insure that sleazy stuff like this doesn't happen.

As I remember, before 9/11 the random seeds for SHA were the cube roots of the first N digits of the fractional part of e.  But three weeks after 9/11, the NSA told NIST that those weren't "robust enough for future encryption", and handed them a list of magic numbers, with no explanation of what was wrong with the old ones or what was better about the new ones.

Amazingly, NIST said "Okay, no problem!" to what, to me, would have been obvious shenanigans — almost certainly a backdoor.

Sure, a couple of mathematicians like Schneider called bulls hit, but nobody really cared since the NIST said it was cool. Then—surprise!  The NSA turns out to have backdoored the hash function.

Who could EVER have imagined?

My question now is one I have myself been asked many times: How can someone so smart be so stupid??

Do crypto experts just rubber-stamp whatever comes along while waiting for lunchtime?  Didn't anyone find the 9/11 timing suspicious?  Why didn't anyone ask why we needed new random seeds?

These are not rhetorical questions and I would very much like to know the answers.  Unfortunately, I'm not in a position to demand answers, and the people who are, are either too inimidated, too lazy, too timid, or too bribed by the NSA to ask them.

I long ago learned not to trust code written by anyone other than myself, and more recently learned not to trust anyone at all, in any domain.  But there are people who have a lot at stake in secure systems.

Where are they, and why aren't they raising high holy hell?

--faye kane girl brain, sexiest astrophysicist you'll ever see naked
User Rank: Apprentice
12/24/2013 | 3:06:15 PM
Re: What Schneier says... is good enough for me
This is a problem, but it also feels like an opportunity for companies to strengthen security around their products. 

Many organizations have little incentive to operate within the NSA's rules; rather they may have to comply if asked. But there just might be a value proposition in having the ability to offer better security than that of the next rival. That's something to think about. 
User Rank: Apprentice
12/24/2013 | 1:10:21 PM
Re: Who's Against Who?
The right to Privacy is a Constitutional guarantee in this country. Your comments indicate that you should actually take the time to truly understand what that means. Learn about the architecture of our system of government, why it was created that way, what history has taught us about various forms of government, and how our constitution guides and protects that system. We (the US and ostensibly others) now have the technology to snoop on just about every aspect of our daily lives. That doesn't mean that we should just throw down the gauntlet and surrender our Constitutional rights just because some Government authority says you will sleep better at night. Yeah, go ahead and give the NSA the power to scrape all the info they want. And then, think about how one guy like Snowden can walk out the door with all of that in a briefcase. That's the kind of power that can potentially bring down entire countries.
User Rank: Apprentice
12/24/2013 | 12:35:31 PM
Re: What Schneier says... is good enough for me
checkoutthenetworthofsomeofrsa'sinvestors.financebloombergsportsenterpriseproductsenterprisesolutionstradingsolutionsbloomberganywheresearchsavedregistersigninsigninsearch thissiteusescookies.bycontinuingtobrowsethesiteyouareagreeingtoouruseofcookies.xpleaseupgradeyourbrowserforabetteruserexperience.recentmovertwitterinctwtr(nyse)69.36+4.82+7.47%homenewsquickopinionmarketspersonalfinancetechpoliticssustainabilityluxuryvideoradiomorestoriesgetthebloombergwashingtonnewsletter.learnmorenewsattheintersectionofpoliticsandtheeconomy.deliveredweekdaymorningsestcheckyouremailandconfirmyouraddresstostartreceivingnewsletters.resendconfirmationyouaresubscribedtothebloombergwashingtonnewsletter.subscribetomorenewsletters.signup> headlinespopularlatestrecommended'duckdynasty'dadrisks$500millionwithgay-sinremarksecrethandshakesgreetfratbrothersonwallstreetrussiacrisishauntsdeutschebank'ssmithseeingchinabustfordf-150seenborrowingmilitaryarmortoshieldprofitbritishairways747'swingslicesintojohannesburgbuildingwas2013theyearwelostchina?u.s.stocksrisebeforeholidayondurables,housingdatasalesofnewhomesinu.s.exceedforecasts,staynearfiveyearhighkhodorkovskypardonsignalsputinriftwithrussiaoilczarkalashnikovshouldhavemadefarmtoolschinaconfrontsworkforcedropwithretirement-agedelaybestof2013:howroubiniwouldinvest$1,000nowbasedonyourreadinghistoryyoumaylike'duckdynasty'dadrisks$500millionwithgay-sinremarksecrethandshakesgreetfratbrothersonwallstreetrussiacrisishauntsdeutschebank'ssmithseeingchinabustfordf-150seenborrowingmilitaryarmortoshieldprofitbritishairways747'swingslicesintojohannesburgbuildingwas2013theyearwelostchina? couldcadillacbethebest-sellingluxurycarby2019?britishairwaysjumbojetstrikesabuildingwhytheu.s.leavesitscredit-cardsystemvulnerabletofraudmeetthenavy'snew$150msubmarine-destroyingjetthedollarwillneverfalltobitcoinsponsoredcontentsponsoredcontentpromotedcontentpromotedcontentrecommendedvideos02:3902:39senatedelaysyellenvoteaslawmakersleavetown 01:5701:57obamacaregoodenoughforobama? 00:2500:25senatepassesbudgetplanthateasesspendingcuts 09:3609:36carperonfiskeruseofformergmplantindelaware 00:5200:52senateadvancesyellennominations 04:5404:54mcconnellonsenaterules,budget,debtceiling bytaboolabytaboola [replacedtest15]src="http://www.bloomberg.com/bcom/article/iframe/google-adwords"frameborder="0"scrolling="no">postajobsearchjobstaxadvisorspecialistparttimecpaor...intuit-tucson,azsenioraccountant-considerowninga...selectingafranchise.com-unitedstatesinternalwholesalerdavisselectedadvisers-tucson,azdynamicsnav/navision-accountant-nyc-...nigelfrankinternational-unitedstatesaccountantuniversityofarizona-tucson,azjobsby[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_1"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_1"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="300"height="250">advertisements[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_2"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_2"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="88"height="31">[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_3"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_3"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="88"height="31">[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_4"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_4"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="88"height="31"> [replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_0"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_0"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="728"height="90">senateleadersmillionairesinfinancial-disclosuredatabyjonathand.salantandgreggirouxmay22,20139:00pmmt9commentsemailprintsharefacebooktwittergoogle+linkedinemailprintsavephotographer:chipsomodevilla/gettyimagessenatemajorityleaderharryreidandsenatebudgetcommitteechairmanpattymurray...readmoresenatemajorityleaderharryreidandsenatebudgetcommitteechairmanpattymurrayanswerreportersquestionsatthecaptiolonmay9,2013inwashington,dc.closecloseopenphotographer:chipsomodevilla/gettyimagessenatemajorityleaderharryreidandsenatebudgetcommitteechairmanpattymurrayanswerreportersquestionsatthecaptiolonmay9,2013inwashington,dc.[replacedtest15]id="google_ads_iframe_/5262/blp.persfin/save-invest//story_5"style="border:0pxcurrentcolor;border-image:none;vertical-align:bottom;"name="google_ads_iframe_/5262/blp.persfin/save-invest//story_5"src="[replacedtest3]"<html><bodystyle='background:transparent'></body></html>""frameborder="0"marginwidth="0"marginheight="0"scrolling="no"width="300"height="600">senatemajorityleaderharryreidandminorityleadermitchmcconnellreportedtheirnetworthinthemillionsofdollarsastheu.s.senatereleasedpersonalfinancialdisclosurereportsforitsmembers.reid,anevadademocrat,reportedassetsofbetween$2.8millionand$6.3million,includingminingclaimsinhishometownofsearchlightvaluedfrom$100,000to$250,000.kentuckyrepublicanmcconnellandhiswife,elainechao,whoservedasu.s.laborsecretaryunderformerpresidentgeorgew.bush,hadassetsofbetween$9.2millionand$36.5million.chao'sincomeincludedfeesfromsittingoncorporateboards,includingrupertmurdoch'snewscorp.(nwsa)andwellsfargo&co.(wfc)lawmakers,requiredtodisclosetheirfinancialassetsonceayear,reporttheirholdingsinbroadranges.mostsenatedemocraticandrepublicanleadersreportedassetswithupperrangesofatleast$1million.thechamber'sthird-rankingdemocrat,charlesschumerofnewyork,reportedthathiswife,irisweinshall,acityuniversityofnewyorkvicechancellor,earnedmorethanhedidlastyear.hersalarywas$234,368whilehiswas$172,887.theyreportedassetsofbetween$368,000and$1million.thesenatedemocraticconferencesecretary,pattymurrayofwashington,reportedwithherhusbandassetsofbetween$565,000and$1.5million.senatemajoritywhipricharddurbinofillinoisreceivedanextensionofthemay15filingdeadline.credit-carddebtontherepublicanside,minoritywhipjohncornynoftexasreportedassetsofbetween$460,000and$1.4million,andacredit-carddebtofbetween$15,000and$50,000.cornyn,aformertexasattorneygeneralandaformerjudgeonthetexassupremecourtjudge,received$58,939fromtwostateretirementfunds.policycommitteechairmanjohnbarrasso,awyomingrepublican,reportedassetsofbetween$2.7millionand$8.6million.anorthopedicsurgeon,hereceivedbetween$500,000and$1millionfromthesaleofhismedicalpractice,andwaspaid$33,391fromthemedicalpartnershiphewaspartof.republicanconferencechairmanjohnthuneofsouthdakotareportedassetsofbetween$173,000and$596,000.richermembersofthechamberincludesenatecommercecommitteechairmanjayrockefeller,awestvirginiademocrat.hereportedatleast$89millioninassets;amoreprecisenumberisunavailablebecausehelistedhislargestholdingasmorethan$50million.wisconsinrepublicanronjohnson,whofoundedaplasticscompany,reportedassetsbetween$9.2millionand$39.7million.johnsonreportedowninga5percentinterestinthecompany,valuedat$4.5million.rubio'sroyaltiesontheotherhand,senatormarcorubiooffloridareportedapotentiallynegativenetworth,withassetsofbetween$259,000and$860,000andliabilitiesofbetween$450,000and$1million.rubio,aprospective2016republicanpresidentialcandidate,received$800,000inroyaltiesfrompenguingroupusainc.forhis2012memoir,"anamericanson."hepaidoffhisremainingstudentloansofbetween$100,000and$250,000."whenifinishedschool,iowedover$100,000instudentloans,adebtipaidoffjustafewmonthsago,"rubiosaidinfebruaryashedeliveredtheofficialrepublicanresponsetopresidentbarackobama'sstateoftheunionaddress.theyoungestu.s.senator,freshmandemocratchrismurphyofconnecticut,andhiswifeeachowedbetween$15,000and$50,000instudentloans,hisreportshowed.murphy,39,reportedassetsofbetween$70,000and$225,000.warren'sholdingsfreshmansenatorelizabethwarren,amassachusettsdemocratandharvarduniversityemeritusprofessor,andherhusbandbrucemann,aharvardlawprofessor,reportedassetsofbetween$3.8millionand$10.2million.mostofitwasintiaa-creffunds,includingonevaluedatbetween$1millionand$5million.warrenreceived$59,417fromaspenpublishersforaseriesofbooks,including"bankruptcyandarticle9"and"securedcredit:asystemsapproach,"and$103inroyaltiesfromyaleuniversitypressfor"thefragilemiddleclass."senatortedcruz,atexasrepublicanelectedlastnovember,tookapaycuttocometowashington.hewaspaid$1millionlastyearbyhislawfirm.hereportedassetsofbetween$2.2millionand$5.1million,includingan$843,000loantohiscampaignasofdec.31,2012.liabilitiesincludeagoldmansachsgroupinc.(gs)marginloanofbetween$250,000and$500,000.senatorrandpaul,akentuckyrepublicanalsomentionedasapossible2016presidentialcontender,receivedanextensionofthedeadlinetofile.tocontactthereportersonthisstory:[email protected];[email protected][replacedtest32]
User Rank: Apprentice
12/24/2013 | 9:57:18 AM
Who to Trust?
Schneier hits it on the head.  "We no longer know whom to trust.  This is the greatest damage the NSA has done to the Internet, and will be the hardest to fix."  Who DO you trust?  Management in many industries does not like security.  It's invasive, slows them down, makes it harder to use their smartphones when driving.  Now they have more excuses to do nothing.
User Rank: Apprentice
12/24/2013 | 9:22:08 AM
Who's Against Who?
The NSA is busy keeping you (us) protected from organized terror, etc. Why in the world is everybody up in arms and shooting themselves in the foot?? For the sake of privacy? Governments have had their agents and double agents around for over a hundred years, why is everybody waking up just now? Our taxes from our hard-earned money go to the NSA. So who's exactly against who??
User Rank: Apprentice
12/23/2013 | 7:31:57 PM
Re: Quid pro what?
WKash, good thougts.  I guess it is just unfortunate that they cashed in their trust, skirted around the law and constitution, and (at best) mislead Congress under oath.  During 2000, I was an active Linux kernel maintainer and was quite enthralled with SELinux.  At the time I was proud to tout that our IT department was adopting security tools released by the NSA.  Today, I'd be laughed at if not dismissed for making the same claims.
User Rank: Apprentice
12/23/2013 | 7:02:12 PM
Re: Quid pro what?
Fill, it's certainly speculation to guess what the NSA and the administration were thinking since 2000. But NSA Dir. Gen. Alexander has made it apparent in the speeches I've heard him give over the past three yeas that 9/11 attacks (yes during the Bush/Cheney years) cast the work of NSA under a heavier mandate to track down terrorists. At the same time, the resouces became available to tackle much larger volumes of information but not the time to crack the encryption on all that data. So they had to find ways around the problem.    
Page 1 / 2   >   >>
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
PUBLISHED: 2021-05-07
An issue was discovered on Tenda AC11 devices with firmware through A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
PUBLISHED: 2021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...