
Dual_EC_DRBG, a random number generator standardized by NIST in 2006, carried a cleverly hidden kleptographic backdoor: whoever knew the secret relationship between its two published constants could recover the generator's internal state from a short run of its output and predict everything it produced afterwards, including the keys protecting SSL/TLS connections. Cryptographers Dan Shumow and Niels Ferguson pointed out the suspicious design in 2007, but it was only confirmed by the documents Edward Snowden leaked in 2013. Reuters then revealed that the NSA had paid RSA Security $10 million to make the compromised algorithm the default in its widely used BSAFE library. NIST withdrew the algorithm from the standard in 2014.
“The NSA has deliberately weakened encryption standards to maintain the ability to break encrypted communications. They paid companies to use their backdoored algorithm.”
From “crazy” to confirmed
The Claim Is Made
This is the moment they called it crazy.
In 2007, two Microsoft cryptographers, Dan Shumow and Niels Ferguson, stood up at the rump session of the CRYPTO conference and raised an uncomfortable question: why did a newly standardized random number generator contain what looked like a hidden mathematical backdoor? Their suspicion was met with skepticism, denial, and silence from the very agencies that had blessed the algorithm.
The algorithm in question was Dual_EC_DRBG, one of four generators approved by the National Institute of Standards and Technology (NIST) in Special Publication 800-90 in 2006. Random number generators are the invisible foundation of encryption: they produce the secret keys, nonces, and session identifiers that make your bank transactions, medical records, and confidential emails unreadable to anyone else. If someone could predict the "random" numbers a generator emits, they could reconstruct those keys and break the encryption protecting nearly everything sensitive on the internet.
Shumow and Ferguson didn't accuse anyone outright. They observed that the two mathematical constants embedded in Dual_EC_DRBG, a pair of points P and Q on an elliptic curve, might have been chosen so that they are secretly related: if Q was derived from P using a number known only to the designer, then anyone holding that number can take roughly 32 bytes of the generator's output, recover its internal state, and predict every value it produces from then on. The standard gave no explanation of how P and Q had been generated, and proving that they were related would require knowing the secret number itself. The design was elegant, suspiciously so. It looked like kleptography, the term Adam Young and Moti Yung coined for backdoors deliberately hidden inside cryptographic systems. But nobody could prove it, and the algorithm remained in circulation, recommended by industry standards and adopted by major security companies.
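To make that mechanism concrete, here is an added toy version of the generator and of the attack, written for this page rather than taken from the standard or from any vendor's code. It uses a constructed 14-bit curve instead of NIST P-256, drops 2 bits from each output instead of 16, and the designer's secret e, the seed values and the curve parameters are all made up. The structure follows the published algorithm: the state update is s' = x(sP), the output is x(s'Q) with its top bits removed, and the attacker lifts an output back to a curve point and multiplies it by the secret d to obtain the next state. Python 3.8 or later is assumed for pow(e, -1, n).

```python
from math import gcd

# Constructed toy curve y^2 = x^3 + A*x + B over GF(P_MOD), with P_MOD ≡ 3 (mod 4) so a
# square root is a single exponentiation. Nothing here is a real NIST P-256 parameter.
P_MOD, A, B = 10007, 2, 3
INF = None                                   # point at infinity
TRUNC_BITS = 2                               # top bits dropped from each output (standard: 16)
HIGH = 1 << (P_MOD.bit_length() - TRUNC_BITS)
OUT_MASK = HIGH - 1

def ec_add(p1, p2):
    """Affine point addition, covering identity, doubling and p2 == -p1."""
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc, addend = INF, pt
    while k > 0:
        if k & 1:
            acc = ec_add(acc, addend)
        addend, k = ec_add(addend, addend), k >> 1
    return acc

def lift_x(x):
    """A curve point with x-coordinate x, or None if x^3 + A*x + B is a non-residue."""
    v = (x ** 3 + A * x + B) % P_MOD
    y = pow(v, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if (y * y) % P_MOD == v else None

def point_order(pt):
    acc, k = pt, 1
    while acc is not INF:
        acc, k = ec_add(acc, pt), k + 1
    return k

# Standards-body side: P and Q are published, how Q was chosen is not.
P_BASE = next(pt for pt in map(lift_x, range(1, P_MOD)) if pt and point_order(pt) > 1000)
N = point_order(P_BASE)
SECRET_E = 1234                              # the trapdoor: Q = e*P, so P = d*Q with d = e^-1 mod N
while gcd(SECRET_E, N) != 1:
    SECRET_E += 1
SECRET_D = pow(SECRET_E, -1, N)              # only d has to stay secret
Q_POINT = ec_mul(SECRET_E, P_BASE)

def dual_ec_step(state):
    """One generator step: s' = x(s*P); output = x(s'*Q) with its top bits dropped."""
    pt = ec_mul(state % N, P_BASE)
    out = INF if pt is INF else ec_mul(pt[0] % N, Q_POINT)
    if out is INF:
        raise ValueError("toy state hit the identity; reseed")
    return pt[0], out[0] & OUT_MASK

def predict_stream(state, n):
    """The next n outputs, given the generator's current state."""
    outs = []
    for _ in range(n):
        state, out = dual_ec_step(state)
        outs.append(out)
    return outs

def recover_state(outputs):
    """Holder of d: lift outputs[0] back to R = ±s*Q (trying every value of the dropped
    bits), take x(d*R) = x(s*P) as the next state, and keep the candidate that
    reproduces outputs[1:]. Returns the state that produced outputs[1]."""
    for k in range(1 << TRUNC_BITS):
        x = outputs[0] + k * HIGH
        if x >= P_MOD:
            break
        R = lift_x(x)                        # sign of y is irrelevant: x(d*R) == x(-d*R)
        cand = INF if R is None else ec_mul(SECRET_D, R)
        chk = INF if cand is INF else ec_mul(cand[0] % N, Q_POINT)
        if chk is INF:
            continue
        if [chk[0] & OUT_MASK] + predict_stream(cand[0], len(outputs) - 2) == outputs[1:]:
            return cand[0]
    return None

def demo(seed=4242, observed=3, secret=5):
    """Victim emits `observed` outputs an eavesdropper sees (say, a TLS nonce) and
    `secret` more it keeps (say, key material); the attacker predicts the latter."""
    state, seen, kept = seed, [], []
    for i in range(observed + secret):
        state, out = dual_ec_step(state)
        (seen if i < observed else kept).append(out)
    s = recover_state(seen)
    guess = None if s is None else predict_stream(s, observed - 2 + secret)[observed - 2:]
    return kept, guess
```

Running demo() returns the victim's five unseen outputs and the attacker's guess, and the two lists are identical. The only thing the attacker knows that an ordinary observer does not is d; the public constants P and Q look like any other pair of points, which is exactly why Shumow and Ferguson could raise the possibility but not prove it. At the real parameters the 2^16 candidates for the dropped bits turn the handful of curve multiplications here into tens of thousands, which is still cheap.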
The official response was dismissal. The algorithm carried NIST's approval and had been through the standards process. Questioning it seemed paranoid, even though Dual_EC_DRBG was far slower than the other three generators in the same standard and its output was known to be slightly biased, so there was no obvious technical reason to prefer it. Adoption grew anyway, particularly through RSA Security's BSAFE cryptography library, which was widely used by banks, government contractors, and private companies worldwide.
Then came Edward Snowden's 2013 intelligence leaks. Among thousands of classified documents was evidence that vindicated Shumow and Ferguson's suspicions: the NSA had indeed inserted the backdoor into Dual_EC_DRBG and had worked to become the sole editor of the standard. The leaks also set up something darker still. In December 2013, Reuters reported, citing sources familiar with the contract, that RSA Security had received $10 million from the NSA in 2004, two years before NIST finalized the standard, and that the money was tied to making Dual_EC_DRBG the default algorithm in BSAFE. Later academic work by Checkoway and colleagues showed what that default meant in practice: an attacker holding the secret could recover the keys of a TLS session from a BSAFE endpoint in seconds to minutes.
Confirmed: They Were Right
The truth comes out. Officially documented.
The mathematics was real. The payment was documented. The capability existed. An agency with surveillance authority had paid a private company to deploy a compromised standard affecting millions of users, all while maintaining the public fiction that the algorithm was secure.
NIST removed Dual_EC_DRBG from SP 800-90A in 2014 and told anyone still using it to move to one of the three remaining approved generators as quickly as possible. RSA had already advised BSAFE customers to stop using it in September 2013, and companies scrambled to patch their systems. Security professionals faced an uncomfortable truth: the very institutions and companies they relied on to protect their privacy had participated in undermining it.
What makes this case extraordinary is not that government agencies pursue surveillance capabilities; that is relatively predictable. What matters is the premeditation, the financial arrangements with private companies, and the public deception. For six years, companies and individuals made security decisions based on a standard they had no way of knowing was compromised. Trust in encryption, in standards bodies, and in the security industry itself was shattered. The concern was not hypothetical either: in 2015 Juniper disclosed that an unknown party had replaced the Q constant in the Dual_EC_DRBG implementation inside its ScreenOS firewalls, turning the same trapdoor to someone else's use. More than a decade later, many still wonder what other backdoors might be hiding in plain sight within standards we use every day.
Beat the odds
This had a 0.4% chance of leaking — someone talked anyway.
Conspirators: ~150 (network)
Secret kept: 6.4 years
Time to 95% exposure: 500+ years