- Special Features
Blogs & Columns
- Fun & Games
The National Security Agency reportedly used the Heartbleed bug to gather intelligence and data for two years, but the federal agency has come forward to deny it even knew about the exploit.
Two sources who spoke with Bloomberg claim that the NSA not only knew about the problem, but used it for national security interests.
Due to the Heartbleed security flaw, the federal agency was allegedly able to gather data, like passwords, to be used for NSA operations. Withholding knowledge of the flaw could have also put many who use the Internet in danger because of how widespread the flaw was.
Jason Healey, the director of the cyber statecraft initiative with the Atlantic Council, said, "It flies in the face of the agency's comments that defense comes first." The former Air Force cyber officer added, "They are going to be completely shredded by the computer security community for this."
Despite the Bloomberg report, the NSA says it was unaware of Heartbleed. In a statement to NBC News, the federal agency said, "NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cyber security report. Reports that say otherwise are wrong."
The OpenSSL flaw was discovered and revealed earlier this week. It is a bit of code that someone could quietly use to access information supposedly only transferred through a website's secure connection. The flaw, when first reported, could affect about two-thirds of all websites, but many have already begun to patch the exploit, if they even used OpenSSL in the first place.