
Report: NSA Knew of, And Exploited, Heartbleed Bug for Two Years

This article is over 10 years old and may contain outdated information

Bloomberg spoke with two sources close to the issue about the NSA’s intelligence gathering methods using the now infamous computer bug.

America’s National Security Agency allegedly knew about the “Heartbleed” bug for two years and used it to gather intel, leaving many computers at risk of hacking attacks. This information comes from Bloomberg, which spoke to two sources familiar with the matter. The Heartbleed bug, revealed earlier this month, is reported to have affected almost two-thirds of the world’s websites, threatening passwords and account information around the world.

Using Heartbleed, the NSA was able to obtain “passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission,” Bloomberg reports. However, in using the bug, the NSA left these millions of users vulnerable to attacks from other hackers.

The article states that open-source software like OpenSSL, where Heartbleed originated, is a primary target of intelligence-gathering operations by the NSA and similar groups. Free code like OpenSSL is frequently used by many Internet companies, but the unfunded programmers who maintain it don’t have the same resources as the expert codecrackers used by the NSA, Bloomberg stated.

Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council and a former Air Force cyber officer, shared some harsh words with Bloomberg about their findings. “It flies in the face of the agency’s comments that defense comes first,” he said. “They are going to be completely shredded by the computer security community for this.”

While an NSA spokeswoman declined to speak to Bloomberg for the article, the agency did later release a statement denying much of the report. “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report,” states an article on USA Today sharing the agency’s response. “Reports that say otherwise are wrong,” according to the NSA.

Source: Bloomberg, USA Today
