Pages

Saturday, December 21, 2013

NSA PAID COMPUTER SECURITY FIRM TO WEAKEN ENCRYPTION

 
The National Security Agency arranged a clandestine US$10 million contract with computer security power RSA that allowed the spy agency to embed encryption software it could use to infiltrate the company’s widely used products, Reuters reported.
 
Revelations provided by former NSA contractor Edward Snowden and first reported in September showed that the NSA created and perpetuated a corruptible formula that was ultimately a “back door” into encryption products.
 
Reuters later reported RSA became the lead distributor of the formula, installing it into a software tool known as BSAFE that is widely used to boost security in personal computers and other products.
 
Unknown then was the $10 million deal that set the NSA’s formula as the default method for the security measure - in which random numbers are generated on a key for access to a product - in BSAFE, according to Reuters’ sources.  Though the sum of money for the deal seems low, it represented over a third of revenue the relevant division at RSA had made the previous year, according to security filings.
 
RSA was previously known for its crusading fights to protect computer security and privacy in the face of government interests, as it played a major role in blocking an effort by the NSA in the 1990s to require a special chip that would have enabled surveillance on many computer and communication products.
 
Following the September disclosure, RSA, now a subsidiary of computer storage company EMC Corp, privately warned thousands of its customers to immediately discontinue using all versions of company's BSAFE toolkit and Data Protection Manager (DPM), both using Dual_EC_DRNG (Dual Elliptic Curve Deterministic Random Bit Generator) encryption algorithm to protect sensitive data.

Source - http://rt.com/usa/rsa-nsa-deal-weaken-encryption-581/

********************************************************************************

No comments:

Post a Comment

Thank you for visiting my blog. Your comments are always appreciated, but please do not include links.