The NSA's changes to the DES s-boxes made them stronger against differential cryptanalysis, an observation that betrayed the NSA's prior knowledge of differential cryptanalysis long before it reached the academic literature.
It's been awhile since I've studied DES, but I'm not aware of any sense in which the s-box changes weakened it.
Linear cryptanalysis. Its been awhile since I've studied it as well, but Applied Cryptography sites a successful attack that took only 50 with 12 workstations (the book was published in 1996).
DES resists linear cryptanalysis --- the best linear attack on DES is 2^43 and requires 2^43 known plaintexts. Linear cryptanalysis of FEAL-8 takes just 4000 plaintexts.
According to Don Coppersmith, NSA picked DES's s-boxes by randomly generating them and choosing the ones that best resisted differential cryptanalysis --- again, this is something NSA did fifteen years before differential cryptanalysis was discovered by the public. They modified DES to resist an attack only they knew about.
It's been awhile since I've studied DES, but I'm not aware of any sense in which the s-box changes weakened it.