NSA exploited Heartbleed bug [World Socialist Website]
By Joseph Santolan
14 April 2014
On Friday, Bloomberg News published a report citing two sources “familiar with the matter” revealing that the National Security Agency (NSA) was aware of the existence of the Heartbleed Internet security bug for two years and routinely exploited the bug to spy on private communications, rather than revealing and patching it.
On the same day, both the White House National Security Council (NSC) and the NSA issued categorical denials that they had any awareness of the existence of the Heartbleed bug prior to its public disclosure on April 7.
NSC spokeswoman Caitlyn Hayden told the press, “Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong.” Director of National Intelligence James Clapper (who in March 2013 lied under oath during testimony before the Senate) also stated that the “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report.”
The Bloomberg News report, together with all the available evidence, points to the conclusion that the NSA knew of and exploited the Heartbleed bug from the beginning.
The Heartbleed bug is the result of five lines of poorly crafted code in an extension released in early 2012 to OpenSSL. OpenSSL is an open-source program responsible for the encryption of the majority of traffic on the Internet. Since its discovery and announcement on Monday, the Heartbleed bug has been widely described as the worst security breach in the history of the Internet…
Excerpted; full article link: https://www.wsws.org/en/articles/2014/04/14/nsa-a14.html