When it bleeds, it pours.
The National Security Agency reportedly knew of and exploited the massive Internet bug revealed to the public this week and known now as “Heartbleed” in order to gather intelligence information on targets.
This new revelation packs an extra twist that other recent NSA leaks have lacked: Regardless of its purpose for intelligence gathering, the NSA may have known for years about a historic security flaw that may have affected up to two-thirds of the Internet. Instead of trying to repair that flaw—which has potentially impacted countless people—the NSA reportedly manipulated it in secret.
“Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost,” Bloomberg first reported Friday, citing two people “familiar” with the matter. “Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.”
In a statement late Friday afternoon, the NSA denied the Bloomberg report. “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report,” said agency spokeswoman Vanee Vines. “Reports that say otherwise are wrong.”
In a follow-up statement, NSC Spokesperson Caitlin Hayden said that the Obama administration “takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.”
Unlike previous statements about alleged NSA activities, the statements made by the NSA and White House today are definitive, with little room for differing interpretations.
The Heartbleed bug was revealed publicly for the first time earlier this week, and has been described by numerous cybersecurity experts as one of the worst security glitches the web has ever encountered. Heartbleed is caused by a minor two-year-old flaw in software coding of a program known as OpenSSL that is meant to provide extra protection to websites.
Considerable attention has been paid to Heartbleed’s potential use by criminal hackers to collect war chests filled with online passwords, personal information and banking data, but it remains unclear whether any such bad actors knew of or exploited it prior to its disclosure. A fix was rolled out five days ago, but concerns persist that much of the Internet’s security has been compromised.
Some Internet freedom and privacy groups began speculating that intelligence agencies may have exploited Heartbleed for surveillance purposes shortly after news of the bug broke earlier this week. The Electronic Frontier Foundation suggested earlier exploitations of the bug detected in November of last year “makes a little more sense for intelligence agencies than for commercial or lifestyle malware.”
Earlier Friday, the Department of Homeland Security issued guidance on Heartbleed, saying that “everyone has a role to play to ensuring [sic] our nation’s cybersecurity.”
This post was updated Friday afternoon after the NSA statement was released.
- 1 Clinton Wins Debate, But Did She Win Over Voters?
- 2 Outlook: A Final Showdown Before Shutdown Deadline
- 3 Senate Progressives Look to Flex Muscles in 2017
- 4 The District Where Democrats Want a Gun-Control Debate
- 5 Smart Ideas: The Most Important Election of a 96-Year-Old’s Lifetime; Clinton’s Pitch to Millennials
What We're Following See More »
At the end of the debate, moderator Lester Holt asked Donald Trump if he stands by his statement that Hillary Clinton didn't have the look of a president. Trump responded by saying Holt misquoted him, instead saying that Clinton "doesn't have the stamina." Clinton responded by saying that when Trump visits 112 countries as secretary of state, he can talk to her about stamina.
Donald Trump, when pressed by Lester Holt on why he finally admitted that President Obama was born in America, repeated his widely debunked claim that it was started by Hillary Clinton.
Hillary Clinton went point by point on how race can so often determine the treatment that people receive, mentioning recent shootings in Tulsa and Charlotte, calling for restored trust between communities and police, and demanding criminal justice reform. Trump responded by calling for law and order and touting his endorsements from police unions. He then said that “African Americans are living in hell,” saying they are just walking down the street and getting “shot ... being decimated by crime."
Just as Hillary Clinton was inviting debate viewers to visit her site for real-time fact checking, there appeared to be a problem with Donald Trump's own campaign website. For about a 15-minute period, a blank page or an error message appeared when we tried to load the Trump site.
Donald Trump has come out in the first segment of this debate raring to go. Trump has interrupted nearly every answer being given by Hillary Clinton, talking over her time and again. Clinton is sticking to her guns, smiling while Trump speaks and then calling on people to go to her website and see the fact checking being done.