Yes. It's also hard to know whether "they" didn't try "hard enough" to get "better" curves or whether "they" didn't know any better(†) or whether "they" intentionally made these "bad" curves. That's why I don't want to call it a backdoor.

(†) We know that historically NSA had secret cryptography knowledge, the most famous example being differential cryptanalysis and the subsequent hardening of DES (although IBM also knew about that). Since it's a secret agency we cannot know the current state of their secret knowledge; my gut tells me though that since crypto has become a much more open/scientific discipline in the last 10-15 years that they probably don't have much of that anymore.