IT security firm RSA was forced to deny reports that it was secretly paid $10 million by the US National Security Agency (NSA) to allow a backdoor in its encryption software.
Accord to reports by Reuters, the company took payment from the NSA to use a flawed random number generator in its products, known as the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRGB). The technology has been part of some RSA products since 2004.
The Reuters' report alleged that the deal was part of a greater effort by the NSA to enhance surveillance by systematically eroding the effectiveness of security tools.
The sum of money represented around a third of its revenue for that year, according to the report. EMC acquired RSA in 2006 for $2.1 billion.
In a blogpost. RSA "categorically" denied all allegations. The firm said that is has "never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential backdoors' into our products for anyone's use."
The vendor said that it included Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. "At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption," the firm stated.
RSA added that the algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been "free to choose whichever one best suits their needs."
It said it only when the US National Institute of Standards and Technology (NIST) recommended no further use of this algorithm in September 2013, did it tell customers to stop using the encryption technology.
"We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicised it. Our explicit goal has always been to strengthen commercial and government security," the company added.
-
What to look out for at RSAC Conference 2025Analysis Convincing attendees that AI can revolutionize security will be the first point of order at next week’s RSA Conference – but traditional threats will be a constant undercurrent
-
'You need your own bots' to wage war against rogue AI, warns Varonis VPNews Infosec pros are urged to get serious about data access control and automation to thwart AI breaches
-
CrowdStrike CEO: Embrace AI or be crushed by cyber crooksNews Exec urges infosec bods to adopt next-gen SIEM driven by AI – or risk being outpaced by criminals
-
Microsoft security boss warns AI insecurity 'unprecedented' as tech goes mainstreamNews RSA keynote paints a terrifying picture of billion-plus GenAI users facing innovative criminal tactics
-
APIcalypse Now: Akamai CSO warns of surging attacks and backdoored open source componentsNEWS Apps and APIs bear the brunt as threat actors pivot to living off the land
-
AI is changing the game when it comes to cyber securityNews With AI becoming more of an everyday reality, innovative strategies are needed to counter increasingly sophisticated threats
-
RSAC Chairman urges collaboration to ensure collective defense in securityNews Chairman emphasizes the critical need for cooperation among cyber security experts
-
Hackers are lying low in networks to wage critical infrastructure attacks - here’s how they do itNews Hackers are researching key IT workers in their bid to gain access to vital systems
