Low effort comment, but I think it's hilarious how much the NSA has started to look like a Bond villain.
Just waiting for the day we find out about their secret lair inside an extinct volcano where they're breeding sharks with lasers attached to their heads.
We don't know that it was NSA, and in fact it's a little unlikely that it is, because NSA is the author of Dual_EC and the standard includes recommended default values for Dual_EC's Q, which we can presume NSA knows the dlogs for.
The smoking gun for this backdoor was a modified Q, which NSA wouldn't have to do, and which represents truly spectacularly bad tradecraft, by drawing attention to a backdoor NSA claims isn't a backdoor in a way that leaves virtually no doubt that it's a backdoor.
I don't think it was the NSA either, but do note that Juniper itself had originally Q set to a different value than the recommended one, and then _that_ value was modified.
Right, the "original" code is also super shady! I like (but don't believe) the story where the later backdoor was actually USG, but done to break some other country's NOBUS backdoor.
I think the NSA offered to "help" them implement Dual_EC since nobody was using it. That would explain the backdoor stopping the extra safety feature that avoided using it alone.
I have a suspicion that the NSA had access to their source at some point.
Just waiting for the day we find out about their secret lair inside an extinct volcano where they're breeding sharks with lasers attached to their heads.