There is virtually no useful software vulnerability for which you can't conjure up a compelling-sounding narrative of deliberate introduction (or "bugdoor"). It's like numerology. So you should be wary of people insinuating about bugs.
What makes Dual_EC so compelling to experts is the "Nobody but us" nature of the flaw: the bug is cryptographically limited to a small number of actors. FedGov buys hundreds of millions of dollars of COTS gear with OpenSSL embedded, and this bug is so simple that middle-schoolers are exploiting it. You shouldn't even need to ask if it was deliberate.
What makes Dual_EC so compelling to experts is the "Nobody but us" nature of the flaw: the bug is cryptographically limited to a small number of actors. FedGov buys hundreds of millions of dollars of COTS gear with OpenSSL embedded, and this bug is so simple that middle-schoolers are exploiting it. You shouldn't even need to ask if it was deliberate.