United States’ National Security Agency (NSA) may have accessed crucial security and financial data belonging to important Indian organisations that used a key cyber security algorithm-based product developed by RSA, an American MNC.
RSA itself admitted last week that the algorithms used in its products and by their developers have an alleged ‘deliberately weakened’ backdoor that was designed by the NSA.
Many government entities including the Central Reserve Police Force (CRPF), Central Board of Direct Taxes, Corporate Affairs ministry, SEBI, NSE, use RSA solutions. Private Indian entities using this product include Genpact, Yes Bank, Kotak Mahindra Bank, etc.
In September 2012, for instance, CRPF launched a tender specifically mentioning that they wanted the RSA SecurID product and wanted vendors to participate with this product. CRPF uses RSA tokens for authentication into their intranet application Cello which contains all the critical information of the CRPF.
“Looking at the way NSA is snooping everything, there is good reason not to think why it wasn’t done deliberately,” said Rohit Srivastwa, an information security expert.
In 2011 also hackers had targeted RSA but the company refused to divulge details on what all has been compromised.