
Reuters revealed that RSA took payment from the NSA to make the NSA's flawed Dual_EC_DRBG the default in its software. Internal NSA documents showed the algorithm contained a backdoor for surveillance.
“RSA always acts in the best interest of security for our customers and has never deliberately weakened our products”
From “crazy” to confirmed
The Claim Is Made
This is the moment they called it crazy.
When Edward Snowden's NSA leaks began surfacing in 2013, security researchers noticed something odd in the documents. A cryptographic algorithm called Dual_EC_DRBG, which had been quietly adopted as a default standard in RSA Security's software, appeared to contain a mathematical weakness that looked deliberately engineered. The suspicion was dark: had the NSA somehow influenced RSA to weaken encryption that millions of people depended on?
For years, RSA and federal officials denied any improper relationship. The company insisted its decisions were made independently based on technical merit. Security experts who questioned Dual_EC_DRBG were often dismissed as conspiracy-minded. The algorithm had been blessed by NIST, the National Institute of Standards and Technology, so surely the vetting process was sound. Dual_EC_DRBG became embedded in countless security products, protecting everything from financial transactions to classified communications. Most users never knew the debate existed.
Then, in December 2013, Reuters published an investigation that changed everything. The news organization obtained internal NSA documents, courtesy of Snowden, showing that the agency had indeed pressured RSA Security to make Dual_EC_DRBG the default in their toolkit. The kicker: Reuters also revealed that RSA had received $10 million from the NSA for doing so. This wasn't speculation or inference—it was a documented contract.
The documents showed the NSA knew something others didn't. Internal agency papers revealed that Dual_EC_DRBG contained a backdoor, a hidden weakness that theoretically allowed the NSA to decrypt communications protected by the algorithm. The agency had engineered the standard specifically so it would appear secure to outside observers while leaving a skeleton key in the NSA's pocket. By paying RSA to make it the default, they had ensured massive adoption.
What made this verification particularly damning was the specificity. This wasn't a vague accusation. Reuters had the contract. They had the NSA memos. They had the dollar figure. RSA's response, when it came, was telling. The company didn't deny receiving money or collaborating with the NSA. Instead, it claimed it hadn't understood the security implications of the algorithm and had been naive in trusting government guidance. It later removed Dual_EC_DRBG from its products and apologized.
The incident revealed something fundamental about how surveillance infrastructure gets built. It's not always dramatic raids or court orders. Sometimes it's quieter: a large government contract, a default setting, a trusted company making what seems like a technical choice. By the time anyone notices, the weakness has already propagated through thousands of security products used by governments, banks, and ordinary people.
This matters because it undermined public trust in encryption standards themselves. If NIST could be influenced, if major security companies could be bought, how could anyone know which tools were actually secure? The Dual_EC_DRBG case wasn't an isolated incident—it was a window into how the security industry actually works. Cryptographers became more skeptical of government-endorsed standards. Companies became more cautious about NSA influence. And ordinary people learned that sometimes the conspiracy theories weren't theories at all.