Report: NSA Knew of, And Exploited, Heartbleed Bug for Two Years


Bloomberg spoke with two sources close to the issue about the NSA’s intelligence gathering methods using the now infamous computer bug.

America’s National Security Agency allegedly knew about the “Heartbleed” bug for two years and used it to gather intel, leaving many computers at risk to hacking attacks. This information comes from Bloomberg, which spoke to two sources familiar with the matter. The Heartbleed bug, revealed earlier this month, is reported to have affected almost two-thirds of the world’s websites, threatening passwords and account information around the world.

Using Heartbleed, the NSA was able to obtain “passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission,” Bloomberg reports. However, in using the bug, the NSA left these millions of users vulnerable to attacks from other hackers.

The article states that open-source software, like OpenSSL, where Heartbleed originated, are primary targets of intelligence gathering operations by the NSA and similar groups. Free codes like OpenSSL are frequently used by many Internet companies, but the unfunded programmers who maintain them don’t have the same resources as the expert codecrackers used by the NSA, Bloomberg stated.

Jason Healey, director the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer, shared some harsh words with Bloomberg about their findings. “It flies in the face of the agency’s comments that defense comes first,” he said. “They are going to be completely shredded by the computer security community for this.”

While an NSA spokeswoman declined to speak to Bloomberg for the article, the agency did later release a statement denying much of the report. “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report,” states an article on USA Today sharing the agency’s response. “Reports that say otherwise are wrong,” according to the NSA.

Source: Bloomberg, USA Today

About the author