I also believe that the NSA intended to strenghten DES. However, it was later discovered that the changed they made to the s-boxes also made it weak against a different form of cryptanalysis.
The NSA's changes to the DES s-boxes made them stronger against differential cryptanalysis, an observation that betrayed the NSA's prior knowledge of differential cryptanalysis long before it reached the academic literature.
It's been awhile since I've studied DES, but I'm not aware of any sense in which the s-box changes weakened it.
Linear cryptanalysis. Its been awhile since I've studied it as well, but Applied Cryptography sites a successful attack that took only 50 with 12 workstations (the book was published in 1996).
DES resists linear cryptanalysis --- the best linear attack on DES is 2^43 and requires 2^43 known plaintexts. Linear cryptanalysis of FEAL-8 takes just 4000 plaintexts.
According to Don Coppersmith, NSA picked DES's s-boxes by randomly generating them and choosing the ones that best resisted differential cryptanalysis --- again, this is something NSA did fifteen years before differential cryptanalysis was discovered by the public. They modified DES to resist an attack only they knew about.
They weakened DES by reducing key size from 128 to 56 bits. Everything suggests they didn't know about linear cryptanalysis at the time, and in any case their improved sboxes, by being stronger against DC, were also stronger against LC.
