Mobile Tech Today

CIO Today Network Sites:   Top Tech News  |   CIO Today   |   Mobile Tech Today   |   Data Storage Today
News & Product Reviews for Mobile Tech Users
APC Free White Paper
Optimize your network investment &
Enter to win a Samsung Galaxy Note

www.apc.com
Wednesday, April 23rd 
Real-time info services with Neustar
Trending Topics:   Security Heartbleed Big Data Cloud Computing Windows XP Data Centers OS X Mavericks
Home
Laptops & Tablets
Mobile Phones
Mobile Gadgets
Mobile Apps
BYOD & MDM
iPad
Mobile Industry News
Wireless Connectivity
Wireless Security
GPS & Maps
MTT Press Releases
 
Free Newsletters
Top CIO News
 
Mobile Tech Today
 

Network Security

Did NSA Pay Security Firm $10M To Weaken Encryption?

Did NSA Pay Security Firm $10M To Weaken Encryption?
December 23, 2013 12:53PM

Bookmark and Share
In light of revelations by whistleblower Edward Snowden about the NSA's snooping tactics, individuals and businesses have flocked toward encryption to thwart this spying. But if RSA, a leading encryption provider, was paid $10 million to operate as a partner to the NSA, the benefits of its encryption are questionable at best.

Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.

Unlike some whistleblowers, Edward Snowden has decided to stagger the release of his NSA (National Security Agency) documents to ensure that Americans fully understand what the U.S. spy agency is doing. In September, Snowden revealed that the NSA had worked with security firm RSA in order to weaken the firm's encryption standards. Now, a new report shows that the NSA may have paid off RSA to do this.

Sources close to the matter have come out recently stating the RSA received $10 million from the NSA as part of a U.S. campaign to weaken encryption standards. In September, documents revealed that RSA was actually using the NSA's own algorithms in some of its services and by doing this, the firm guaranteed that the NSA would not have any trouble breaking through the encryption.

The Denial

Even though the Snowden documents and these most recent reports seem convincing, RSA has already jumped out into the media to deny any sort of secret deal with the NSA. "We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security," RSA said in response to these reports.

If RSA did receive the $10 million from the NSA, the firm would have been operating in a way that is completely different from the way that it operated in the 1990s. Nearly two decades ago, RSA actually led a fight against the NSA, which was trying to implement a system to allow the agency to decrypt phone conversations with ease.

Although it may have been pro-privacy in the 1990s, these reports suggest that once the early 2000s came along, a lot changed within the company. The reports indicate that some of these changes were so drastic that employees actually left the firm because of the direction that it was taking. Assuming that these allegations are correct, one of those extreme changes was the firm's secret deal with the NSA.

Defeating Encryption

In light of the Snowden revelations, individuals and businesses have flocked toward encryption to thwart attempts by the government to spy on them. This may be a good idea in some situations but if RSA, a leading encryption provider, has been operating as a partner to the NSA, the benefits of its encryption are questionable at best.

As early as 2007, academic reports confirmed that RSA was using a potentially flawed encryption standard with its Dual EC DRBG number generator. Despite these reports, RSA continued to use the generator and it never told customers to avoid using the standard until this September when it became obvious that the Dual EC DRBG generator was not working.

If the NSA did indeed pay off RSA to continue using a flawed encryption standard, it would confirm some of the suspicions that people have already had for months.

Tell Us What You Think
Comment:

Name:

james taylor:

Posted: 2013-12-24 @ 5:03am PT
Trustworthiness is an important factor in the complexion of further business dealings. If trust is broken, there is bound to be consequences whether presently or later on. The titlewave of distrust is ever growing. There will be an end result from all of this.

mike t:

Posted: 2013-12-24 @ 4:21am PT
And why was Richard Nixon forced to leave office? (Hint: Watergate)

Maria Roberts:

Posted: 2013-12-23 @ 5:26pm PT
Unfortunately the $10 million didn't come from the NSA, it came from the taxpayers pockets, and if we don't like that thought, it's up to us to shut it down. That and give Ed Snowden the Medal of Honor.

msbpodcast:

Posted: 2013-12-23 @ 3:13pm PT
"Yes" And that is the answer to your question. Look to RSA to start shedding customers faster that a mangy dog sheds fur... People went to RSA for SECURITY not to get a security HOLE. They won't forgive so easily.



 Network Security
1. Lessons from Verizon's Threat Report
2. Verizon Report Exposes Cyberthreats
3. How Are Web Sites Post-Heartbleed?
4. White House Updating Privacy Policy
5. Target Hackers May Be Tough To Find


Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports

  OnePlus One Boasts Android Weapon
  Samsung Gear Fit Geared for Exercise
  Google Sharpens Contact Lens Vision
  Samsung: $2.2B Too Much for Apple
  Review: Windows Phone Advances

 Technology Marketplace
Business Intelligence
Get real-time, cloud-based information services with Neustar.
 
Cloud Computing
Next Generation Data Center Is Here! Vblock™ Systems from VCE
 
Contact Centers
HP delivers the future of the contact center with HP Qfiniti 10.
 
Data Storage
Next Generation Data Center Is Here! Vblock™ Systems from VCE
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Enterprise Hardware
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Hardware
Protect your network with APC Smart-UPS battery backup
 
Network Security
Protect your network with APC Smart-UPS battery backup
 

Network Security Spotlight
What Verizon's Data Breach Report Can Teach Enterprises
It’s probably not a jaw-dropper, but cyberespionage is officially on the rise. And the use of stolen or misused credentials is still the leading way the bad guys gain access to corporate information.
 
Top Cyberthreats Exposed by Verizon Report
Beyond Heartbleed, there are cyberthreats vying to take down enterprise networks, corrupt smartphones, and wreak havoc on businesses. Verizon is exposing these threats in a new report.
 
Where Do Web Sites Stand, Post-Heartbleed?
A security firm says the vast majority of Web sites have patched themselves to protect against the Heartbleed bug, but now there are questions raised on the reliability of open-source programs.
 
Navigation
Mobile Tech Today
Home/Top News | Laptops & Tablets | Mobile Phones | Mobile Gadgets | Mobile Apps | BYOD & MDM | iPad
Mobile Industry News | Wireless Connectivity | Wireless Security | GPS & Maps | MTT Press Releases
Also visit these Enterprise Technology Sites
Top Tech News | CIO Today | Mobile Tech Today | Data Storage Today

Services:
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About CIO Today Network | How To Contact Us | Article Reprints | Services for PR Pros (In partnership with NewsFactor) | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 Mobile Tech Today. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.