https://en.wikipedia.org/wiki/Dual_EC_DRBG
1) finding a bug and notifying the company
2) finding a bug and releasing/selling
3) finding a bug and using it
4) intentionally adding bugs to software without notifying anyone
5) intentionally adding bugs to software and claiming it's secure
This was level 5
Yes that was a devilishly well executed backdoor, on so many levels.
https://en.wikipedia.org/wiki/Dual_EC_DRBG