Heartbleed bug not leveraged for surveillance, NSA says

The NSA denied claims that it had previously known about the Heartbleed bug.

The National Security Agency (NSA) has dismissed reports that it has been exploiting the Heartbleed vulnerability to carry out internet surveillance.

Only two hours after Bloomberg broke the story late last week, White House and NSA representatives released statements to counter the allegations. The Bloomberg story cited “two people familiar with the matter” who claimed that the U.S. surveillance agency has been aware of the bug for two years and has been exploiting it ever since to gather “critical intelligence” from websites.

“Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong,” said White House National Security Council spokeswoman Caitlin Hayden in a statement.

Former NSA director General Michael Hayden added, “This administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable internet.”

The Bloomberg report also stated that NSA officers have used the Heartbleed bug, which exploits a flaw in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols designed to stop prying eyes from viewing internet activity, to obtain passwords and other basic data to act as the “building blocks of the sophisticated hacking operations at the core of its mission.” This means ordinary users would be vulnerable to attack from other nations' intelligence arms and criminal hackers, according to the report.

Despite the quick denials from both the NSA and the White House of the Heartbleed spying claims in the Bloomberg report, privacy advocates and other IT security experts were just as fast to lash out at the government agency over these reported questionable activities.

Other security professionals shared more immediate reactions to the news on Twitter last Friday.

Indeed, this is not the first time the NSA's practices have been questioned. The Verge reports that the agency is spending just under $1.6 billion a year on data processing and exploitation, while The New York Times added over the weekend that President Barack Obama himself has decided that the agency should reveal internet flaws to the general public, but only if it's “a clear national security or law enforcement need.”

Nick Pickles, director of civil liberties group Big Brother Watch, told SCMagazineUK.com in email correspondence that, if the rumors are true, it goes against what is supposed to be the NSA's mission.

“There is a fundamental contradiction in having the NSA be responsible to cyber security and exploiting vulnerabilities in software,” Pickles said.
