NSA Used Heartbleed Bug To Gather Intelligence for Years


Have you changed all of your online passwords yet? This Heartbleed bug has wreaked some serious havoc. And, according to Bloomberg News, the NSA knew about this exploit, but instead of making citizens aware, the government used the exploit itself to gather intelligence for years.


Despite allegations otherwise, the NSA denies the claim: “Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong,” according to an e-mailed statement from the Office of the Director of National Intelligence and reported by Bloomberg News.


According to experts, Heartbleed could be one of the biggest flaws in the Internet’s history, affecting the basic security of as many as two-thirds of the world’s websites.

After being found and fixed five days ago, consumers were prompted to change their passwords on their GMail, Facebook and more. The Canadian government also suspended electronic tax filing and huge computer companies like Cisco Systems Inc. provided patches for its system.


The government had a lot to gain by using the Heartbleed bug. The NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission. But that information came at a cost, this flaw left millions of citizens vulnerable from other nations’ intelligence arms and criminal hackers.


“It flies in the face of the agency’s comments that defense comes first,” said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer to Bloomberg News. “They are going to be completely shredded by the computer security community for this.”


When things like this are discovered, they are supposed to be disclosed, unless its a matter of national defense.


“This administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet,” Shawn Turner, director of public affairs for the Office of the Director of National Intelligence, said in the statement. “Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.”


It’s the NSA’s job to find these vulnerabilities.


What is now referred to as “Heartbleed” was introduced in early 2012 in a minor adjustment to the OpenSSL protocol, an open source project.


The crackers of the NSA found the flaw shortly after it was introduced. It took security researchers until several days ago to find it themselves.


Does anyone believe the NSA didn’t know about this bug before 2014? Given their track record of lying to the public? One thing is for sure. You probably should change your password today.

What behaviors have you changed now that you know the government is spying on Americans? Please comment below.