If you own a world-renowned Security Product or a Service, National Security Agency (NSA) is ready to pay you 10 Million or more bribe for keeping intentional backdoor for them.
According to an exclusive report published by Reuters, there is a secret deal between the NSA and respected encryption company RSA to implement a flawed security standard as the default protocol in its products.
Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology
Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.Join Now
Earlier Edward Snowden leaks had revealed that the NSA created a flawed random number generation system (Dual_EC_DRBG), Dual Elliptic Curve, which RSA used in its Bsafe security tool and now Snowden has revealed that RSA received $10 million from NSA for keeping Encryption Weak.
So, anyone who knows the right numbers used in Random number generator program, can decipher the resulting cryptotext easily.
Recommending bad cryptographic standard is one thing, but accepting 10 million to deliberately implement is something very shameful for a respected Security company.
The new revelation is important, cryptographer and Security expert Bruce Schneier said, because it confirms more suspected tactics that the NSA employs. "You think they only bribed one company in the history of their operations? What's at play here is that we don't know who's involved," he said.
RSA, now owned by computer storage firm EMC Corp, and has maintained its stand of not colluding with NSA to compromise the security of its products, "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products,"
Both the NSA and RSA haven't directly acknowledged the deal. But after Snowden revelations, What is the RSA's credibility or of other American software and networking companies?