The National Security Agency reportedly used the Heartbleed bug to gather intelligence and data for two years, but the federal agency has come forward to deny it even know about the exploit.
Two sources who spoke with Bloomberg claims that the NSA not only knew about the problem, but used it for national security interests.
Due to the Heartbleed security flaw, the federal agency was allegedly able to gather data, like passwords, to be towards NSA operations. Withholding knowledge of the flaw also could have put many who use the Internet in danger because of how widespread the flaw was.
Jason Healey, the director of the cyber statecraft initiative with the Atlantic Council, said, "It flies in the face of the agency's comments that defense comes first." The former Air Force cyber officer added, "They are going to be completely shredded by the computer security community for this."
Despite the Bloomberg report, the NSA says it was unaware of Heartbleed. In a statement to NBC News, the federal agency said, "NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report. Reports that say otherwise are wrong."
The OpenSSL flaw was discovered and revealed earlier this week. It is a bit of code that could someone could quietly use to access information supposedly only transferred through a website's secure connection. The flaw, when first reported, could affect about two-thirds of all websites, but many have already begun to patch the exploit, if they even used OpenSSL in the first place.