Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Security Researcher Backs Out of RSA Conference Talk After NSA Controversy

F-Secure Chief Research Officer Mikko Hypponen said he is cancelling his talk at the upcoming RSA security conference in February due to reports RSA received money from the NSA several years ago to use a flawed algorithm in RSA’s BSAFE encryption product.

F-Secure Chief Research Officer Mikko Hypponen said he is cancelling his talk at the upcoming RSA security conference in February due to reports RSA received money from the NSA several years ago to use a flawed algorithm in RSA’s BSAFE encryption product.

The allegation against RSA, now a division of EMC, surfaced last week in a report by Reuters that said the company took $10 million from the security agency to make sure the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) was used by default in BSAFE. The algorithm was found to be flawed as early as 2006. However, the company kept using it by default until September, when the National Institute of Standards and Technology (NIST) advised organizations to stop using it.

In a letter to EMC CEO Joseph M. Tucci and Art Coviello, executive chairman of RSA, Hyponnen said he was backing out of his talk, which ironically was called ‘Governments as Malware Authors.’

“I don’t really expect your multibillion dollar company or your multimillion dollar conference to suffer as a result of your deals with the NSA,” Hypponen wrote. “In fact, I’m not expecting other conference speakers to cancel. Most of your speakers are American anyway – why would they care about surveillance that’s not targeted at them but at non-Americans. Surveillance operations from the US intelligence agencies are targeted at foreigners. However I’m a foreigner. And I’m withdrawing my support from your event.”

RSA said it had no comment on the matter when contacted by SecurityWeek. However, the company did issue a statement recently saying it had never engaged in any contract or project with the intent of weakening their own products or introducing backdoors for the NSA to use.

“We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption,” according to the company’s statement. “At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.”

The RSA conference runs from Feb 24 to 28 and will be held in San Francisco.

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.