CIO Today

CIO Today Network Sites:   Top Tech News  |   CIO Today   |   Mobile Tech Today   |   Data Storage Today
Daily Briefing for Technology's Top Decision-Makers
Vblock™ Systems:
Advanced converged infrastructure
increases productivity & lowers costs.

www.vce.com
Thursday, April 24th 
Next Generation Data Center Is Here!
This ad will display for the next 20 seconds. Please click for more information, or scroll down to pass the ad, or Close Ad.
Trending Topics:   Security Heartbleed Big Data Cloud Computing Windows XP Data Centers OS X Mavericks
Home
Enterprise Software
Enterprise Hardware
Big Data
Network Security
Cloud Computing
CRM Systems
Data Storage
Operating Systems
Communications
CIO Issues
Mobile Tech
Chips & Processors
World Wide Web
Business Briefing
After Hours
Press Releases
 
Free Newsletters
Top CIO News
 
Mobile Tech Today
 

World Wide Web

Did NSA Pay Security Firm $10M To Weaken Encryption?

Did NSA Pay Security Firm $10M To Weaken Encryption?
December 23, 2013 12:53PM

Bookmark and Share
In light of revelations by whistleblower Edward Snowden about the NSA's snooping tactics, individuals and businesses have flocked toward encryption to thwart this spying. But if RSA, a leading encryption provider, was paid $10 million to operate as a partner to the NSA, the benefits of its encryption are questionable at best.

Your Next Generation Data Center Is Here! Vblock™ Systems: the world's most advanced converged infrastructure are built on the Cisco Unified Computing System with Intel® Xeon® processors. Vblock™ Systems deliver extraordinary time to market, ROI and TCO, and flexibility to meet your continually changing demands with 5X faster deployment, 96% less downtime, and 1/2 the cost. Click here to learn more.

Unlike some whistleblowers, Edward Snowden has decided to stagger the release of his NSA (National Security Agency) documents to ensure that Americans fully understand what the U.S. spy agency is doing. In September, Snowden revealed that the NSA had worked with security firm RSA in order to weaken the firm's encryption standards. Now, a new report shows that the NSA may have paid off RSA to do this.

Sources close to the matter have come out recently stating the RSA received $10 million from the NSA as part of a U.S. campaign to weaken encryption standards. In September, documents revealed that RSA was actually using the NSA's own algorithms in some of its services and by doing this, the firm guaranteed that the NSA would not have any trouble breaking through the encryption.

The Denial

Even though the Snowden documents and these most recent reports seem convincing, RSA has already jumped out into the media to deny any sort of secret deal with the NSA. "We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security," RSA said in response to these reports.

If RSA did receive the $10 million from the NSA, the firm would have been operating in a way that is completely different from the way that it operated in the 1990s. Nearly two decades ago, RSA actually led a fight against the NSA, which was trying to implement a system to allow the agency to decrypt phone conversations with ease.

Although it may have been pro-privacy in the 1990s, these reports suggest that once the early 2000s came along, a lot changed within the company. The reports indicate that some of these changes were so drastic that employees actually left the firm because of the direction that it was taking. Assuming that these allegations are correct, one of those extreme changes was the firm's secret deal with the NSA.

Defeating Encryption

In light of the Snowden revelations, individuals and businesses have flocked toward encryption to thwart attempts by the government to spy on them. This may be a good idea in some situations but if RSA, a leading encryption provider, has been operating as a partner to the NSA, the benefits of its encryption are questionable at best.

As early as 2007, academic reports confirmed that RSA was using a potentially flawed encryption standard with its Dual EC DRBG number generator. Despite these reports, RSA continued to use the generator and it never told customers to avoid using the standard until this September when it became obvious that the Dual EC DRBG generator was not working.

If the NSA did indeed pay off RSA to continue using a flawed encryption standard, it would confirm some of the suspicions that people have already had for months.

Tell Us What You Think
Comment:

Name:

james taylor:

Posted: 2013-12-24 @ 5:03am PT
Trustworthiness is an important factor in the complexion of further business dealings. If trust is broken, there is bound to be consequences whether presently or later on. The titlewave of distrust is ever growing. There will be an end result from all of this.

mike t:

Posted: 2013-12-24 @ 4:21am PT
And why was Richard Nixon forced to leave office? (Hint: Watergate)

Maria Roberts:

Posted: 2013-12-23 @ 5:26pm PT
Unfortunately the $10 million didn't come from the NSA, it came from the taxpayers pockets, and if we don't like that thought, it's up to us to shut it down. That and give Ed Snowden the Medal of Honor.

msbpodcast:

Posted: 2013-12-23 @ 3:13pm PT
"Yes" And that is the answer to your question. Look to RSA to start shedding customers faster that a mangy dog sheds fur... People went to RSA for SECURITY not to get a security HOLE. They won't forgive so easily.



 World Wide Web
1. FCC Defends Internet Traffic Proposal
2. Google Maps, Now with Time Travel
3. NYPD Twitter Campaign Backfires
4. Net Gets Faster, But Easier to Attack
5. Verizon Report Exposes Cyberthreats


Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports

  IBM Targets Big Data with Power8 Line
  Opera Coast Offers Safari Alternative
  FCC Defends Internet Traffic Proposal
  Fund Seeks To Head Off Heartbleeds
  Salesforce Developing App SOS Button

 Technology Marketplace
Business Intelligence
Get real-time, cloud-based information services with Neustar.
 
Cloud Computing
Next Generation Data Center Is Here! Vblock™ Systems from VCE
 
Contact Centers
HP delivers the future of the contact center with HP Qfiniti 10.
 
Data Storage
Next Generation Data Center Is Here! Vblock™ Systems from VCE
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Enterprise Hardware
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Hardware
Protect your network with APC Smart-UPS battery backup
 
Network Security
Protect your network with APC Smart-UPS battery backup
 

Network Security Spotlight
Tech Giants Fund Initiative To Prevent Future Heartbleeds
Can more funding prevent Heartbleed vulnerabilities in future open-source software? A new Core Infrastructure Initiative at the Linux Foundation is attempting to find out.
 
What Verizon's Data Breach Report Can Teach Enterprises
It’s probably not a jaw-dropper, but cyberespionage is officially on the rise. And the use of stolen or misused credentials is still the leading way the bad guys gain access to corporate information.
 
Top Cyberthreats Exposed by Verizon Report
Beyond Heartbleed, there are cyberthreats vying to take down enterprise networks, corrupt smartphones, and wreak havoc on businesses. Verizon is exposing these threats in a new report.
 
Navigation
CIO Today
Home/Top News | Enterprise Software | Enterprise Hardware | Big Data | Network Security | Cloud Computing | CRM Systems
Data Storage | Operating Systems | Communications | CIO Issues | Mobile Tech | Chips & Processors | World Wide Web
Business Briefing | After Hours | Press Releases
Also visit these Enterprise Technology Sites
Top Tech News | CIO Today | Mobile Tech Today | Data Storage Today

Services:
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About CIO Today Network | How To Contact Us | Article Reprints | Services for PR Pros (In partnership with NewsFactor) | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 CIO Today. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.