NSA Paid Security Firm $10 Million to Distribute Bad Encryption
A new Reuters report explains how the National Security Agency was able to get its backdoor encryption onto so many machines.
A new Reuters report explains how the National Security Agency was able to get its backdoor encryption onto so many machines:
Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a “back door” in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.
Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.
As The Verge explains, this answers a key question raised by the Snowden leaks:
When leaked documents claimed to have caught the NSA inserting bad protocols into the national standards board NIST, it raised more questions than answers. Why would the NSA go to the trouble of inserting a inferior standard into NIST’s set of four, when most cryptographers would simply ignore the bad algorithm in favor of the others? Even if foul play had occurred, what was the agency getting out of the deal?
Now, a Reuters exclusive report is showing the other side of the story. The report details a secret deal between the NSA and respected encryption company RSA, in which the agency paid $10 million for RSA to incorporate the weaker algorithm into an encryption product called BSafe. Because of the earlier work, the algorithm had been approved by NIST, so RSA could claim their encryption used only nationally certified protocols. At the same time, BSafe’s encryption was defaulting to a fundamentally flawed encryption algorithm, which the NSA could subvert whenever they needed to.
— Posted by Peter Z. Scheer
Your support matters…Independent journalism is under threat and overshadowed by heavily funded mainstream media.
You can help level the playing field. Become a member.
Your tax-deductible contribution keeps us digging beneath the headlines to give you thought-provoking, investigative reporting and analysis that unearths what's really happening- without compromise.
Give today to support our courageous, independent journalists.
The reality of the Cambridge Analytica/Facebook scandal is far more sinister than a loss of personal privacy.
And this time there's "much less public scrutiny," writes Trevor Timm at The Guardian.
The bill, which would have penalized companies that refuse to cooperate with the government over encrypted phones, did not go to a vote.
The controversy over encryption has been one of the biggest public debates of the year so far, yet the Democratic presidential candidates have been largely silent on the subject.
WhatsApp, an online messaging service owned by Facebook, has over a billion users -- and as of Tuesday, any exchanges done via the app will be encrypted.
Although the year-long, concerted effort of hundreds of journalists is an admirable feat, their analysis may be overlooking crucial evidence involving corruption by Western corporations and billionaires.
You need to be a supporter to comment.
There are currently no responses to this article.
Be the first to respond.