https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Tech Services Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
    • Diversity, Equity & Inclusion
  • MSP 501
    • Back
    • MSP 501 Information Center
    • 2021 MSP 501 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2022 Editorial Calendar
  • Awards
    • Back
    • 2021 MSP 501
    • Circle of Excellence
    • DE&I 101
    • Top Gun 51
    • Channel Partners 101 (CP 101)
  • Events
    • Back
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Tech Services Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
    • Diversity, Equity & Inclusion
  • MSP 501
    • Back
    • MSP 501 Information Center
    • 2021 MSP 501 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2022 Editorial Calendar
  • Awards
    • Back
    • 2021 MSP 501
    • Circle of Excellence
    • DE&I 101
    • Top Gun 51
    • Channel Partners 101 (CP 101)
  • Events
    • Back
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

Security


RSA Heatedly Denies Secret $10 Million NSA Deal

  • Written by DH Kass 1
  • December 24, 2013

In a scenario straight out of a spy novel, RSA, the security division of storage powerhouse EMC (EMC), heatedly denied a Dec. 20 Reuters report that it accepted a clandestine $10 million deal in 2006 with the U.S. National Security Agency to embed known faulty security code into its encrypted products.

In a scenario straight out of a spy novel, RSA, the security division of storage powerhouse EMC (EMC), heatedly denied a Dec. 20 Reuters report that it accepted a clandestine $10 million deal in 2006 with the U.S. National Security Agency (NSA) to embed known faulty security code into its encrypted products.

Reuters reported that RSA, as part of a back-room deal with the NSA, incorporated the agency's Dual Elliptical Curve algorithm, a defective random number generator, into its widely used BSafe security toolkit, potentially leaving personal computers and other gear vulnerable to snooping. The BSafe software is embedded in thousands of commercial products. 

The report, which cited two sources familiar with the contract, also referenced “dozens” of current and former RSA staffers who said the company was at fault for agreeing to the deal but also asserted NSA officials had mischaracterized the agency’s intentions.

In a blog posted on Dec. 22, RSA acknowledged it has worked with the NSA, but “categorically” denied that it had built back doors into its products.

Here are some excerpts from RSA’s response:

“Recent press coverage has asserted that RSA entered into a ‘secret contract’ with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation. …”

“… We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security. …”

“… We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption. This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs. …”

“… RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use. …”

Some aspects of this latest skirmish aren’t new. In September, The New York Times reported that documents exposed by former NSA contractor Edward Snowden revealed the agency’s plan to create a backdoor in encrypted products. RSA, citing a National Institute of Standards and Technology (NIST) bulletin, subsequently issued a memorandum cautioning users against using the algorithm option in its BSafe toolkit.

What’s new here, however, is the charge that RSA accepted money from the NSA to leave open an end-around into products used by its customers. To say the least, for a company with a long, vocal history of leading the privacy and security charge in technology, that wouldn’t be good.

Tags: Agents Cloud Service Providers MSPs VARs/SIs Security

Most Recent


  • New Solutions
    Google Cloud Security Summit: New Solutions for Zero Trust, Software Supply Chain, More
    The new solutions will help partners help their customers more quickly and easily adopt Google Cloud’s security capabilities.
  • Veeam CEO Anand Eswaran at VeeamON 2022
    Veeam's New CEO Wants 'Outsized' Data Protection Software Market Share
    Veeam CEO Anand Eswaran shares ambitious goal at VeeamON conference, where he also shared alarming ransomware trends.
  • Technology Market Opportunities Abound Amid Market Volatility
    There are new and increasing opportunities for those eager to embrace the future of technology.
  • marketplace
    AppDirect Adds Aryaka to AppSmart Marketplace in SD-WAN, SASE Milestone
    Aryaka simplified its technology portfolio and created offerings that can be purchased in a marketplace.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Paying ransomware
    Feds Seize Most of Ransom Paid in Colonial Pipeline Ransomware Attack
  • IPO
    6 Things to Know About the Upcoming SentinelOne IPO
  • Acquisition fish eating little fish
    Deloitte Joins Cloud Cybersecurity Craze with CloudQuest Purchase
  • Qualys Philippe Courtot Obit
    Security Industry Mourns Death of 'Pioneer' Philippe Courtot

Upcoming Events

View all

Channel Partners Europe

June 14, 2022 - June 15, 2022

MSP Summit

September 13, 2022 - September 16, 2022

Galleries

View all

Google Cloud Security Summit: New Solutions for Zero Trust, Software Supply Chain, More

May 17, 2022

Unprecedented Times Impacting Cybersecurity Channel Partners

May 16, 2022

8 Channel People Making Waves This Week at Avant, Cisco, Databricks, More

May 13, 2022

Industry Perspectives

View all

Build Customers for Life with CX and Lifecycle Selling

May 16, 2022

Voice Analytics Are a Must-Have as Companies Evolve COVID-Rushed Tech

May 12, 2022

Top 5 Trends and Challenges Channel Partners Are Facing in 2022

May 9, 2022

Webinars

View all

Simplifying SaaS Security for MSPs

April 27, 2022

How to Supercharge The Network to Support Your IT Superhero Moves

May 3, 2022

The 2022 MSP Challenge: Scale Service Delivery Despite the Talent Gap

April 21, 2022

White Papers

View all

The New Bottom Line: How MSPs Can Meet the Healthcare Crisis While Evolving Their Businesses

April 19, 2022

How to build a Security Operations Center (on a budget)

April 4, 2022

The AT&T Cybersecurity Incident Response Toolkit

April 4, 2022

Channel Futures TV

View all

AT&T, Microsoft, Cisco, ThreatLocker on Unlocking Partner Potential

Agents Share ‘Secrets,’ Industry Opportunity

May 11, 2022

Vonage Addresses Potential Partner Opportunity via Acquisition by Ericsson

May 5, 2022

Lumen Technologies ‘Built for Growth and Scale’

May 4, 2022

Twitter

ChannelFutures

#GoogleCloudSummit unveils new solutions for #zerotrust, supply chain security. @googlecloud dlvr.it/SQZ2By https://t.co/37buEDQ030

May 18, 2022
ChannelFutures

.@Veeam CEO @anandeswaran is gunning for outsized share of data protection market at #veeamOn2022… twitter.com/i/web/status/1…

May 18, 2022
ChannelFutures

#ChannelEurope keynote with @contextworld addresses partners staying calm amid market volatility.… twitter.com/i/web/status/1…

May 17, 2022
ChannelFutures

Read about how the partnership between @AryakaNetworks and @AppSmartcom is a milestone for both companies.… twitter.com/i/web/status/1…

May 17, 2022
ChannelFutures

.@pathlock secures $200 million in new funding, announces M&A to increase capabilities. #appsecurity… twitter.com/i/web/status/1…

May 17, 2022
ChannelFutures

Mark your calendar for our upcoming #VirtualWorkshop! On May 26th at 2 p.m. EDT, this session will show you the pow… twitter.com/i/web/status/1…

May 17, 2022
ChannelFutures

Let's take a look at last year's incredible #DEI101 honorees > spr.ly/6015zEq67. The nomination form is open… twitter.com/i/web/status/1…

May 17, 2022
ChannelFutures

Read about the latest tool from @telarus. dlvr.it/SQX4Pl https://t.co/khXDQWeVW8

May 17, 2022

MSSP Insider

Business advice for MSSPs and news from the broader security channel.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X