Home > United Nations Online Network in Public Administration and Finance (UNPAN)
1. Global
2. Africa
3. Arab States
Arab States
4. Asia & Pacific
Asia & Pacific
5. Europe
6. Latin America & Caribbean
Latin America & Caribbean
7. North America
North America
UNPAN North America
Public Administration News  
U.S.: NSA Knew About Heartbleed, Exploited It for Two Years
Source: upi.com
Source Date: Friday, April 11, 2014
Focus: Electronic and Mobile Government, Knowledge Management in Government, Citizen Engagement, Internet Governance
Country: United States
Created: Apr 14, 2014

The National Security Agency knew about the Heartbleed internet security bug for at least two years and not only said nothing, but exploited it, according to anonymous sources speaking to Bloomberg.
Bloomberg reports the agency discovered the glitch shortly after its introduction and it “became a basic part of the agency’s toolkit for stealing account passwords and other common tasks.”

The bug, which affects the open-source OpenSSL encryption software used by hundreds of thousands of websites, was another means by which the NSA could obtain passwords and other private data.

The NSA’s decision to keep the bug a secret in the interest of national security has upset critics, reinvigorating the debate over privacy concerns and the agency’s secrecy.

Critics in the computer world claim the move further damages the NSA’s credibility, as they potentially left the bug open not just for hackers and criminals, but for foreign intelligence agencies to exploit.

Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council and a former U.S. Air Force cyber officer, said, “It flies in the face of the agency’s comments that defense comes first. They are going to be completely shredded by the computer security community for this.”

"Given the scale of Heartbleed, deciding to exploit this vulnerability rather than fix it, makes a mockery of any claims that the NSA defends the networks of the U.S.A.," one online security professional told Mashable.

Within hours of Bloomberg's report, the NSA and the White House denied the agency knew about the Heartbleed bug.

"If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL," White House National Security Council Spokesperson Caitlin Hayden said in a statement.

News Home

 Tag This
 Tell A Friend
del.icio.us digg this Slashdot
0 ratings
Views: 467

Comments: 0 Bookmarked: 0 Tagged: 0

0 Comments | Login to add comment

Site map | FAQs | Terms and Privacy | Contact Us
Copyright 2019 by UNPAN - United Nations Public Administration Network