The security company RSA was given $10 million by the NSA to weaken one of their security products:
Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a “back door” in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.
Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.
If you work in a corporation, you may have used an RSA product like SecurID to access your corporate network. After revelations like this, any RSA product is automatically suspect. I assume most corporate security people, who are incredibly risk-averse and ass-covering, will never recommend an RSA product again. That’s certainly true for any international customer thinking about buying from RSA.
You can blame the NSA, you can blame RSA, or you can blame Snowden for leaking this, but this kind of thing was going to come out at some time. It was incredibly shortsighted for RSA to risk their company–and, really, the reputation of any US security company–for $10 million of quick revenue.
But I guess I shouldn’t be surprised, because RSA is just another casualty of the out-of-control stupidity of the War on Terror. I had the unfortunate need to take a business trip this week, and while standing in the endless TSA line with crying children and miserable holiday travelers, I had yet another opportunity to reflect on how smart Osama bin Laden’s 9/11 strategy was. He knew that we were easily scared and prone to overreaction. He knew we’d pour millions of dollars into pointless security theater, and that a lot of our veneration of constitutional liberty was just lip service. So when I got my pat-down because the Rapiscanner decided that something under my armpits (powerful BO?) was suspicious, or when I watched people carefully separate out little baggies full of liquids and gels to counter a comic book threat, I had to once again appreciate the genius of that malignant fucker, because he’s still winning the long game.