From list cryptography:

Steven Bellovin <smb@cs.columbia.edu> writes:

...

Does anyone know of any (verifiable) examples of non-government enemies exploiting flaws in cryptography?

Could you be a bit more precise about what "flaws in cryptography" covers? If you mean exploiting bad or incorrect implementations of crypto then

At 05:00 PM 11/28/2011 +1300, Peter Gutmann wrote: there's so

much that I barely know where to start, if it's actual cryptanalytic attacks on anything other than toy crypto (homebrew ciphers, known-weak keys, etc) then there's very little around. If it's something else, you'd have to let us know where the borders lie.

A fundamental characteristic of non-toy (especially unbreakable!) encryption is that any failure is due to implementation or some other fault beyond the cipher. This indefensible circularity is audacious but necessary for the illusory claims for a strong cipher. In more recent times, another necessary illusion is that if a cipher has been broken it will be publicly revealed. Despite the ancient concealment of vulnerabilities of ciphersystems in order to exploit trust in them. Then there is the argument that different standards of cipher protection must be declared in order to determine whether a cipher meets a standard. And this leads to an ever receding standard for the best and a pile-up of lesser promises unmet. And there is a presumption that the best encryption will be expropriated by national governments and their selected agents and must be kept out of the hands of the governed. Hence, best ciphersystems are never revealed or disappear from public view via official secrecy classification or NDA. These evasions are used by cipher (and security) snake oil peddlers to maximum advantage such that it is probably wise to consider all cipher (security) systems snake oil, or more precisely, toys requiring sophisticated marketing and exculpations of failure -- at which crypto and official security wizards may be expected to excell.