facebook
twitter
rss
account
search
search
 

NSA knew about Heartbleed, exploited it for two years

The White House and NSA have denied Bloomberg's report that the agency knew about the Heartbleed bug.
By JC Sevcik   |   April 11, 2014 at 7:10 PM   |   Comments

http://cdnph.upi.com/sv/em/i/UPI-3341397250647/2014/1/13972527198074/NSA-knew-about-Heartbleed-exploited-it-for-two-years.jpg
WASHINGTON, April 11 (UPI) -- The National Security Agency knew about the Heartbleed internet security bug for at least two years and not only said nothing, but exploited it, according to anonymous sources speaking to Bloomberg.

Bloomberg reports the agency discovered the glitch shortly after its introduction and it “became a basic part of the agency’s toolkit for stealing account passwords and other common tasks.”

The bug, which affects the open-source OpenSSL encryption software used by hundreds of thousands of websites, was another means by which the NSA could obtain passwords and other private data.

The NSA’s decision to keep the bug a secret in the interest of national security has upset critics, reinvigorating the debate over privacy concerns and the agency’s secrecy.

Critics in the computer world claim the move further damages the NSA’s credibility, as they potentially left the bug open not just for hackers and criminals, but for foreign intelligence agencies to exploit.

Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council and a former U.S. Air Force cyber officer, said, “It flies in the face of the agency’s comments that defense comes first. They are going to be completely shredded by the computer security community for this.”

"Given the scale of Heartbleed, deciding to exploit this vulnerability rather than fix it, makes a mockery of any claims that the NSA defends the networks of the U.S.A.," one online security professional told Mashable.

Within hours of Bloomberg's report, the NSA and the White House denied the agency knew about the Heartbleed bug.

"If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL," White House National Security Council Spokesperson Caitlin Hayden said in a statement.

[Bloomberg]
[Mashable]

Follow @JCSevcik and @UPI on Twitter.
Contact the Author
© 2014 United Press International, Inc. All Rights Reserved. Any reproduction, republication, redistribution and/or modification of any UPI content is expressly prohibited without UPI's prior written consent.
Featured UPI Collection
trending
Celebrity Couples of 2014 [PHOTOS]

Celebrity Couples of 2014 [PHOTOS]

Most Popular
1
China questions Americanism in SATs
2
Dairy Queen hit by Backoff malware breach
3
Plague bomb data found on seized Islamic State laptop
4
St. Paul police arrest a black man for sitting on a bench waiting for his children
5
Elizabeth Warren defends Israeli airstrikes on schools and hospitals
Trending News
Video
x
Feedback