Heartbleed Bug: NSA denies it knew about or exploited OpenSSL vulnerability

The National Security Agency (NSA) has denied it knew about or exploited the Heartbleed online bug.

The denial came after a Bloomberg News report alleging the NSA used the flaw in OpenSSL to harvest data.

OpenSSL is online-data scrambling software used to protect data such as passwords sent online.

Last year, Edward Snowden claimed the NSA deliberately introduced vulnerabilities to security software.

The Hearbleed bug, which allows hackers to snatch chunks of data from systems protected by OpenSSL, was revealed by researchers working for Google and a small Finnish security firm, Codenomicon, earlier this month.

OpenSSL is used by roughly two-thirds of all websites and the glitch existed for more than two years, making it one of the most serious internet security flaws to be uncovered in years.

“[The] NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cyber security report,” NSA spokeswoman Vanee Vines said in an email, adding that “reports that say otherwise are wrong.”

A White House official also denied the US government was aware of the bug.

The NSA has denied it knew about or exploited the Heartbleed online bug

“Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong,” White House national security spokeswoman Caitlin Hayden said in a statement.

“This administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable internet,” she insisted.

Caitlin Hayden added: “If the federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.”

According to Bloomberg News, the NSA secretly made Heartbleed part of its “arsenal”, to obtain passwords and other data.

The publication claimed the agency has more than 1,000 experts devoted to finding such flaws – who found the Heartbleed glitch shortly after its introduction.

The NSA was already in the spotlight after months of revelations about its huge data-gathering capabilities.

Documents leaked by former NSA contractor Edward Snowden indicated the organization was routinely collecting vast amounts of phone and internet data, together with partner intelligence agencies abroad.

President Barack Obama has ordered reforms that would halt government bulk collection of US telephone records, but critics argue this does not go far enough.

Separate to its denials regarding the NSA, the US government also said it believes hackers are trying to make use of the flaw.

The Department of Homeland Security advised the public to change passwords for sites affected by the flaw, once they had confirmed they were secure, although it added that so far no successful attacks had been reported.

Several makers of internet hardware and software also revealed some of their products were affected, including network routers and switches, video conferencing equipment, phone call software, firewalls and applications that let workers remotely access company data.

The US government also said that it was working with other organizations “to determine the potential vulnerabilities to computer systems that control essential systems – like critical infrastructure, user-facing and financial systems”.

The Heartbleed bug makes it possible for a knowledgeable hacker to impersonate services and users, and potentially eavesdrop on the data communications between them.

It only exposes 64K of data at a time, but a malicious party could theoretically make repeated grabs until they had the information they wanted. Crucially, an attack would not leave a trace, making it impossible to be sure whether hackers had taken advantage of it.

bgeXUT661UE 4C2g2pXiP4U
Nancy Clayson

Nancy is a young, full of life lady who joined the team shortly after the BelleNews site started to run. She is focused on bringing up to light all the latest news from the technology industry. In her opinion the hi-tech expresses the humanity intellectual level. Nancy is an active person; she enjoys sports and delights herself in doing gardening in her spare time, as well as reading, always searching for new topics for her articles.

Recent Posts

Donald Trump and Elon Musk Celebrate Election Victory at UFC 309

Image source: Wikimedia Commons President-elect Donald Trump celebrated his election victory at the Ultimate Fighting…

5 days ago

White House 2024: Donald Trump Wins, Kamala Harris Calls Him to Concede Election

Millions of voters across the US chose to return Donald Trump to the White House…

2 weeks ago

Who Won? Donald Trump Declares Victory as He Addresses Jubilant Supporters in Florida

Donald Trump declares victory in the US election as he addresses jubilant supporters in Florida.…

2 weeks ago

Stocks Soaring as Donald Trump Closes in on US Victory

Stocks around the world are rising as Donald Trump appears to be on the cusp…

2 weeks ago

Who Won? Kamala Harris Cancels Election Night Party as Path to Victory Narrows

Donald Trump has won Pennsylvania, North Carolina and Georgia and taken a lead over Kamala…

2 weeks ago

Quincy Jones Dead at 91

Quincy Jones, the celebrated musician and producer who worked with Michael Jackson, Frank Sinatra, Ray…

2 weeks ago