NSA didn’t know about the Heartbleed Security bug – or so they say.
Everyone loves a good conspiracy story , so when Bloomberg reported that the NSA had been aware of the potential for exploitation for at least 2 years, the White House and US intelligence agencies replied on Friday that neither the National Security Agency nor any other part of the government were aware before this month of the “Heartbleed” bug.
They wholeheartedly deny that the spy agency exploited the glitch in widely used web encryption technology to gather intelligence in order to obtain passwords and other basic information used in hacking operations. However, the Bloomberg report cited two unnamed sources it said were familiar with the matter.
The Heartbleed bug is considered one of the most serious internet security flaws to be uncovered in recent years. Read more about it in another post on our blog.
“Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong,” the White House National Security Council spokeswoman, Caitlin Hayden, said in a statement. “This administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable internet.”
Another NSA spokeswoman, Vanee Vines, said in a separate statement: “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report.”
Since a former contractor, Edward Snowden leaked numerous documents exposing expansive US surveillance efforts to media outlets, the activities of the NSA have come under sharp scrutiny.
Even before Snowden’s emergence, former officials admitted that offensive and spying considerations had dominated inside the NSA, causing it to withhold information instead of warning the public about new flaws.
The former White House cybersecurity adviser Richard Clarke reported on Friday that the NSA had not known of Heartbleed.
Come to your own conclusions.