Home / Privacy / New Evidence May Indicate NSA Took Advantage Of Heartbleed Leaks For Years
Print Friendly and PDF

New Evidence May Indicate NSA Took Advantage Of Heartbleed Leaks For Years

Posted on April 12, 2014

A new report about the massive internet security software bug that’s been shaking up the Web all week indicates the National Security Agency both knew about and exploited the flaw to to spy on internet traffic for at least two years.

Bloomberg News broke the story in a Friday report citing two sources “familiar with the matter” that claim the agency knew about the Heartbleed bug in OpenSSL, which encrypts web traffic on HTTPS sites and services to secure the most sensitive of user information including usernames, passwords, emails, communications, account and credit card information, and neglected to report it to the cyber community.

According to one of the sources the agency discovered the bug shortly after its introduction to the Internet on Dec. 31, 2011, after which it became an essential and commonly used tool to steal login information and other data.

“They actually have a process when they find this stuff that goes all the way up to the director,” cybersecurity senior fellow at the Center for Strategic and International Studies James Lewis said. “They look at how likely it is that other guys have found it and might be using it, and they look at what’s the risk to the country.”

The compromised version of OpenSSL is used by some of the biggest names on the Web, and is estimated to have violated the security of two-thirds of internet traffic over more than two years, exposing unencrypted data in plain text to interception by hackers.

Bloomberg sources claim the signals intelligence agency “was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission,” but at the cost of leaving millions of users vulnerable to similar attacks by foreign intelligence services and criminals.

“It flies in the face of the agency’s comments that defense comes first,” director of the cyber statecraft initiative at the Atlantic Council and former Air Force cyber officer Jason Healey said. “They are going to be completely shredded by the computer security community for this.”

An NSA spokesperson declined to comment on the agency’s knowledge or use of Heartbleed, but experts cited by Bloomberg said finding such software vulnerabilities is crucial to NSA’s mission — a practice President Obama’s NSA review board recommended stopping in the wake of former contractor Edward Snowden’s classified program leaks.

The software programmer responsible for the flaw claimed it was accidental in a Friday report, but immediately speculated the bug could have been used by intelligence agencies in exactly the way described by Bloomberg sources.

Read more: http://dailycaller.com/2014/04/11/nsa-knew-about-and-exploited-heartbleed-bug-for-years/#ixzz2ygEkgzcp

Continue Reading on dailycaller.com

Print Friendly and PDF

Posting Policy:
We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse. Read more.

5 thoughts on “New Evidence May Indicate NSA Took Advantage Of Heartbleed Leaks For Years

  1. 1baronrichsnot1 says:

    This is all bulll schitt! We have known since 2005 that all messages were capable of being read, even instant messaging, all conversations were monitored! How do you thing they captured the "key words"for investigation and filing of a conversation? This is an example of fascism and co operation of internet websites monitoring by gov't by programming request from the FBI and CIA. Why do you think we wouldn't have a method for the gov't to intercept Emails and conversations? After what happend on 9-11-01! It's just now being disclosed, disclosed because every user now knows about it. I hope it caught some terrorist and crooks!

  2. The subject of a very good and wonderful and very important also have benefited from it so much thank you

  3. Nice info thanks for sharing nice info. I would like to visit again your website.

  4. The subject of a very good and wonderful and very important also have benefited from it so much than