NSA denies report it has been using "Heartbleed" OpenSSL exploit for spying

The "Heartbleed" exploit found in OpenSSL earlier this week has been the subject of a ton of discussion on the Internet, along with a lot of fear about its ramifications. Now the National Security Agency, which is already dealing with its own PR problems in explaining its Internet spying activities, is denying a report that it knew about the "Heartbleed" issue before it went public.

The claim was first made by Bloomberg, which reported, via unnamed sources, that the NSA not only knew about "Heartbleed" for two years and used it to obtain intelligence data without informing any other agency of the vulnerability in the OpenSSL system. However, the NSA has since sent out an official statement on Bloomberg's report, saying simply, "Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong."

In addition, the U.S. Office of the Director of National Intelligence sent out its own statement saying, "Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities."

The discovery of the issue in OpenSSL, which is used as the main encryption for over two-thirds of all websites, has caused many security experts to inform consumers to change their passwords. Security firm CloudFire issued a challenge to hackers to use the OpenSSL exploit to get access to a website's private security keys. So far, four people have been confirmed as doing just that.

Source: Bloomberg | Image via NSA

Report a problem with article
Previous Story

Microsoft offers two Windows 8.1 Update install fixes, but problems remain

Next Story

Nokia 'Monarch' identified as T-Mobile's Lumia 635

43 Comments

Commenting is disabled on this article.

Look up fMRI and you will start to see where this is heading. As far as some people are aware the NSA houses a very powerful computer.. The data pipes that are feeding it are growing in scope. I wouldn't be surprised if the NSA relies heavily on this system for potential threats around the world (which may explain their past 'intel' hiccups). I wouldn't be surprised if the long term plan is to be able to monitor every persons movements (including thoughts).
Year 2000-2001 - lowest ever opium tonnage in Afghanistan... 9/11...
2002 - Opium production increases 400%... peaks in 2008 (highest ever)
Most importantly every law regarding privacy is slowly stripped away.. Countries that haven't even been the target of terrorism legislate new laws giving intelligence and security organisations unprecedented levels of access to civilian and commercial data.
Unfortunately it seems as though this technology may not be used solely for anti-terrorism or security breaches, rather it looks like it will be used for pecuniary advantage, harassment, perhaps even for fun amongst the financially rich... Spying on someones thoughts!
Last year I did a wee experiment and sent some fake suspect messages through the internet while expressing some dismay at the current and past American administrations and openly talked and gave my views on PRISM. Now I'm the target of constant 24/7 harassment with audible speech and sound being transmitted directly into my head. Derogatory comments such as dick, ######, you're a loser, you're going to die; at times it seems as though a real person takes over the helm and gives defined, accurate, real-time responses.... TO MY THOUGHTS!
Some of the cross-referencing I've done (darpa.mil) would point to these technologies as being a two-way system, which would explain the involuntary muscle twitching, heart palpitations and pain (especially tooth ache!/and that's after a dentist visit to try to get it fixed).
Every day that passes makes 9/11 look more like a staged event, where this so called 'super' computer gave a God like forecast as to the potential outcome of such an event.. So many holes, cover ups and retention of information regarding 9/11. Osama still denied involvement in 9/11 right up to him being shot and killed, not tasered. I wonder what would've happened if he had been able to prove he wasn't involved?!
Sorry but for me freedom and democracy has a whole new meaning where nothing is sacred and potential criminal coercion and corruption is now possible on an unprecedented scale. And just how motivated will individuals become (even on something immoral) if they believe God is talking to them!

That's right. They never used that exploit. And the IRS never went after Tea Party groups, and the BLM didn't hide behind fake concern over a desert tortoise to strong-arm cattle ranchers. Oh, and you can keep your health insurance and your doctor. <sigh>

Brought to you by the same people that openly lied to congress and everyone else on earth about their previous spying. ZERO credibility now and forever. Wouldn't surprise me if their found out later to have introduced other "bugs" themselves for plausible deniability and other benefits. RSA rings a bell.

The NSA can't do anything with people's data. They collect it and that's about it. They can't release it to police or cases for investigative purposes because the Supreme Courts has upheld (and still does) the notion that it cannot use information that was obtained illegally (wire tapping nature) including data mining and checking e-mails without a warrant etc...

Everything I just posted up there is false actually, they DO use your data for those purposes even though it is illegal.

Izlude said,
The NSA can't do anything with people's data. They collect it and that's about it. They can't release it to police or cases for investigative purposes because the Supreme Courts has upheld (and still does) the notion that it cannot use information that was obtained illegally (wire tapping nature) including data mining and checking e-mails without a warrant etc...

Everything I just posted up there is false actually, they DO use your data for those purposes even though it is illegal.

Again, I'm not seeing an issue. What is the problem with the government housing my data, or using it?

Like they are going to admit it? standard practice is to deny all involvement. You'll never get a straight answer out of the NSA, ever.

At some point you have to draw the line even if you're an agency like this.

Because without the shadow of a doubt they knew about this, many others also knew which makes you think; how many criminal organizations also knew about it and how many people, services or systems were compromised because of this?

Dinggus said,

So what's your plan of action?


There are many possibilities. But if you utter them openly, you will be on the NSA watchlist for sure.
And if you really ask such a question, the surveillance works already. Ben Franklin was right.

Edited by coolhund, Apr 13 2014, 9:40am :

Dinggus said,

So what's your plan of action?

If you ask for a solution, there's none, at least in the immediate future. We're too deep into this.

However, there are alternatives that can lessen the power these agencies have over us. Any step towards a possible solution is a right step. Even if it ends as a fallacy.

People have listened to him because he brought enough proof to show it was true.
If he brought this up, he'd do so with proof again.

Enron said,
Watch Edward Snowden say they've been using the exploit, even though he isn't even with the NSA anymore.

Edward Snowden isn't and hasn't announced anything for, half a year? Anything you see about NSA leaks is because of the data he leaked and gave to media outlets, he isn't announcing it himself, just in case you didn't notice, he's in hiding because americas most probably trying to kill him at any possible chance they get.

I think if America truly wanted him dead, he'd be dead by now. I think there's a realization in the intelligence community that other than punitive measures they'd have nothing to gain by killing him since the damage has already been done.

They can't kill him, if he knows whoever kills him, America will be blamed, and government assasinations isn't allowed according to international law. also it would serve no purpose he's already leaked what he knew and could. They need to catch him to put him in jail after a trial where he will be deemed a spy, whether it was for the "right" reasons or not, he was.

You can argue the fact that he betrayed the government and not the people all you want, but it doesn't change the fact that he broke every contract he signed and every vow he pledged. And he also weakened the US' spying on enemies and other states.

Sometimes, when you do the "right" thing(if you are in that boat) you have to pay the price for it as well.

I don't think all of the data he had has even been leaked yet. I'll bet he's passed it onto someone else to be leaked if he does vanish.

Javik said,
I don't think all of the data he had has even been leaked yet. I'll bet he's passed it onto someone else to be leaked if he does vanish.
Think you'll find it's gone, the UK government forced the newspapers to destroy the computers and they confiscated all the laptops brought back into the UK from a trip the boyfriend of a writer who went to see him

Of course they're lying. These are people who are paid to lie. It's like accusing a barista at Starbucks of making coffee.