How To
Report: NSA has been exploiting Heartbleed bug for years
- April 11, 2014
- Updated: July 2, 2025 at 7:45 AM
Bloomberg released a report today accusing the United States National Security Agency of exploiting the Heartbleed bug for years. If true, the NSA’s bulk data collection program could have been enabled by the Heartbleed bug.
Two anonymous people “familiar with the matter” told Bloomberg that the NSA has been exploiting Heartbleed for years. The bug is found in the OpenSSL cryptography protocol that keeps connections to websites secure. Heartbleed allows hackers to listen in on the connection to find the private keys exchanged between users and websites.
Heartbleed is turning out to be one of the biggest internet security holes ever discovered. Initial reports say that 66% of all websites are affect by Heartbleed, but those numbers may be exaggerated.
“It flies in the face of the agency’s comments that defense comes first,” said director of the cyber statecraft initiative at the Atlantic Council Jason Healey. By keeping the Heartbleed bug vulnerable, the NSA could exploit it to collect more user data but at the expense of its citizens. Hackers and the NSA alike could have been using Heartbleed to steal user information since 2012 when the bug was first released.
The NSA denies knowing about the Heartbleed bug until news broke about it this Monday. “Statement: NSA was not aware of the recently identified Heartbleed vulnerability until it was made public,” writes the NSA from its official Twitter account.
The NSA’s official policy is to “disclose vulnerabilities in products and systems used by the US and its allies.” If Bloomberg’s report is true, it will fly in the face of the organization’s previous statements.
Source: Bloomberg
Via: Ars Technica
MORE ON THE HEARTBLEED VULNERABILITY
- Are the dangers of the Heartbleed vulnerability exaggerated?
- Heartbleed: five steps to protect your accounts
- The Softonic Minute: Heartbleed, Twitter, Facebook and Windows XP
- Apple claims it was not affected by Heartbleed security bug
- Soundcloud signs out users in wake of Heartbleed bug
- “Heartbleed” security bug leaves majority of the web vulnerable
You may also like
NewsThe infinite canvas: use of Generative Expand for print bleeds and concept exploration
Read more
NewsJames Gunn clarifies the future of Harley Quinn after years of being a DC icon
Read more
NewsSouth Korea has grown in streaming much more than expected. They have to thank themselves
Read more
NewsOne of the most controversial (and brave) artists in history will have her own biopic
Read more
NewsWe have been waiting 15 years for the end of one of the best mangas in history. And now, finally, it is going to arrive
Read more
NewsThunderbolts is coming to Disney+ sooner than you thought: This will be the release date on the platform
Read more