by gpderetta 922 days ago
... Which iirc was immediately identified as suspicious during auditing.

And yet became an official standard anyway, and was occasionally actually used, despite the fact that it was obviously backdoored to anyone who knew anything about (elliptic-curve) cryptography. (It's literally a textbook-exercise leaky RNG, of the sort that you would find under "Exercise: create an elliptic-curve-based RNG that leaks seed bits within N bytes of random data." in an actual cryptography textbook.)
You don't really need to understand elliptic curves to understand Dual EC. It's a public key RNG. The vulnerability is that there's a matching private key.
True, but my parenthetical was covering the opposite issue: it's possible to not realise DUAL_EC_DRBG is broken (rather than impossible to realise it) if your only knowledge of cryptography is, say, hash functions and stream ciphers (so you don't recognise public key cryptography from looking at it). It's unlikely, because DUAL_EC_DRBG is really obviously broken, but I wouldn't fault someone who knew nothing about elliptic-curve cryptography for missing it, even if they were familiar with other types of cryptography. (I would fault them for claiming that it's secure, rather than recognizing that they don't know enough to evaluate its security, but you can't conclude something's backdoored just from that.)
The assertion I was refuting was that they couldn't be easily inserted into an audited library, not that they wouldn't be detected.
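An added illustration of the "public key RNG with a matching private key" point above (this is not code from the thread or from any standard): the same trapdoor algebra written in the multiplicative group mod a small constructed prime, with exponentiation standing in for scalar multiplication and the group element itself standing in for the x-coordinate. The real DRBG works on the NIST P-256 points and truncates each output; this toy does neither, so the parameters below are for illustration only.

```python
# Toy "Dual EC"-style generator in the multiplicative group mod a small prime.
# Constructed parameters for illustration only: the real DRBG uses the NIST
# P-256 curve, scalar multiplication, and truncated x-coordinates.
from math import gcd

P_MOD = 23                      # prime modulus; the group order is P_MOD - 1 = 22
P = 5                           # generator, the analogue of the base point P
E = 3                           # secret scalar relating Q to P; gcd(E, 22) == 1
Q = pow(P, E, P_MOD)            # public constant Q = P^E (analogue of Q = e*P) -> 10
D = pow(E, -1, P_MOD - 1)       # trapdoor d = e^-1 mod group order -> 15, so Q^D == P

# Sanity check on the constructed parameters: d really undoes e.
assert gcd(E, P_MOD - 1) == 1 and pow(Q, D, P_MOD) == P

def dual_ec_toy(state, count):
    """Generate `count` outputs. Each step: state <- P^state, output <- Q^state.
    Mirrors Dual EC's s <- x(sP), r <- x(sQ), with exponentiation in place of
    scalar multiplication and the group element in place of the x-coordinate."""
    outputs = []
    for _ in range(count):
        state = pow(P, state, P_MOD)
        outputs.append(pow(Q, state, P_MOD))
    return outputs, state

def recover_next_state(output):
    """What the holder of d learns from a single output r = Q^s:
    r^d = P^(e*d*s) = P^s, which is exactly the generator's next state.
    Without d this is a discrete-log problem; with d it is one exponentiation."""
    return pow(output, D, P_MOD)

def predict_from_one_output(output, count):
    """Run the generator forward from the recovered state to predict later outputs."""
    state = recover_next_state(output)   # the state the next output will be made from
    predicted = []
    for _ in range(count):
        predicted.append(pow(Q, state, P_MOD))
        state = pow(P, state, P_MOD)
    return predicted

def demo(seed=7, count=4):
    """Constructed run: legitimate outputs vs. the outputs predicted from the first one."""
    real, _ = dual_ec_toy(seed, count)
    predicted = predict_from_one_output(real[0], count - 1)
    return real, predicted                # predicted == real[1:]
```

The auditing point from the thread is visible in the structure itself: a generator whose output is a public-key operation on its state is only as unpredictable as the secrecy of a key nobody published the provenance of.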