Reuters reports that the NSA paid massive computer security firm RSA $10 million to promote a flawed encryption system so that the surveillance organization could wiggle its way around security. In other words, the NSA bribed the firm to leave the back door to computers all over the world open.
Thanks to documents leaked by Edward Snowden, we already knew the NSA played a central role in promoting a flawed formula for generating random numbers, which if used in encryption, essentially gives the spies easy access to computing systems. A piece of RSA software, bSafe, became the most significant vector for the security flaw. The encryption tools which hundreds of millions of people rely on to protect the private information are significantly weaker as a result.
The sickening revelation is that the NSA paid RSA to make sure that the formula got into the software just the way they wanted it to. Both the NSA and RSA haven’t directly acknowledged the deal, but Reuters claims to have thoroughly vetted it with sources inside the security company.
The report is just the latest which shows that—in an effort to collect as much information as possible—the NSA has been systematically undermining security infrastructure for decades. While some of Reuters’ sources appear to think that RSA was duped by the government, it seems pretty clear now that the company knew what it was doing when it entered into a secret contact with the NSA. Disgusting. [Reuters]