Security News > 2020 > October > NSA: We've learned our lesson after foreign spies used one of our crypto backdoors – but we can't say how exactly

NSA: We've learned our lesson after foreign spies used one of our crypto backdoors – but we can't say how exactly
2020-10-28 23:44

It's said the NSA drew up a report on what it learned after a foreign government exploited a weak encryption scheme, championed by the US spying agency, in Juniper firewall software.

On Wednesday, Reuters reporter Joseph Menn published an account of US Senator Ron Wyden's efforts to determine whether the NSA is still in the business of placing backdoors in US technology products.

Wyden staffers in 2018 were told by the NSA that a "Lessons learned" report about the incident had been written.

When former NSA contractor Edward Snowden leaked agency secrets in 2013, Reuters reported that years earlier security firm RSA, now part of storage biz EMC, had accepted a $10m contract with the NSA to use Dual Elliptic Curve, or Dual EC, encryption.

The NSA also declined to provide backdoor policy details to Reuters, stating that it doesn't share "Specific processes and procedures." The news agency says three former senior intelligence officials have confirmed that NSA policy now requires a fallout plan with some form of warning in the event an implanted back door gets discovered and exploited.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/10/28/nsa_backdoor_wyden/