The NSA reportedly exploited the Heartbleed bug for years - WSFA.com Montgomery Alabama news.

The NSA reportedly exploited the Heartbleed bug for years

iStockphoto / Thinkstock iStockphoto / Thinkstock
  • TechMore>>

  • H&R Block Tax Survey: Top Concerns if Tax Refund is Delayed

    H&R Block Tax Survey: Top Concerns if Tax Refund is Delayed

    Nearly half of American taxpayers are somewhat or very dependent on receiving a tax refund from the IRS. The survey of 3,000 Americans and commissioned by H&R Block also found that if a tax refund was delayed, the biggest concern for one in four respondents would be not having enough money to meet required financial commitments like rent and bills. The IRS is required to hold refunds for returns claiming the earned income tax credit (EITC) and additional child tax credit (ACTC) u...

    More >>

    Nearly half of American taxpayers are somewhat or very dependent on receiving a tax refund from the IRS. The survey of 3,000 Americans and commissioned by H&R Block also found that if a tax refund was delayed, the biggest concern for one in four respondents would be not having enough money to meet required financial commitments like rent and bills. The IRS is required to hold refunds for returns claiming the earned income tax credit (EITC) and additional child tax credit (ACTC) u...

    More >>
  • CES 2018 - Smart home with Mario Armstrong

    CES 2018 - Smart home with Mario Armstrong

    CES 2018 recently unveiled the latest consumer technology and innovations in Las Vegas....and Digital Lifestyle Expert Mario Armstrong partnered with some of the cool, connected products heading straight to our homes.  Check out BestofCES.com for more on these cool gadgets and for more CES 2018 coverage. LG SmartThinQ™ makes it simple to manage your LG appliances from a single app (for Android or iOS) or voice controls using Google Assistant or Amazon Alexa. ...

    More >>

    CES 2018 recently unveiled the latest consumer technology and innovations in Las Vegas....and Digital Lifestyle Expert Mario Armstrong partnered with some of the cool, connected products heading straight to our homes.  Check out BestofCES.com for more on these cool gadgets and for more CES 2018 coverage. LG SmartThinQ™ makes it simple to manage your LG appliances from a single app (for Android or iOS) or voice controls using Google Assistant or Amazon Alexa. ...

    More >>
  • CES 2018 - Opening day with Mario Armstrong

    CES 2018 - Opening day with Mario Armstrong

    The hottest consumer electronics and technology were recently unveiled at CES 2018 in Las Vegas…and Digital Lifestyle Expert Mario Armstrong partnered up with some of the exciting brands and products headed our way.  Go to BestofCES.com to learn more about these cool, new devices and for more CES 2018 coverage!

    More >>

    The hottest consumer electronics and technology were recently unveiled at CES 2018 in Las Vegas…and Digital Lifestyle Expert Mario Armstrong partnered up with some of the exciting brands and products headed our way.  Go to BestofCES.com to learn more about these cool, new devices and for more CES 2018 coverage!

    More >>

By Konrad Krawczyk
Provided by


The U.S. National Security Agency was aware of the infamous Heartbleed bug for at least two years, having discovered it shortly after it emerged, and has routinely used it to collect data and spy on foreigners and likely on Americans, according to a Bloomberg report.

Data stolen by the NSA using the Heartbleed bug includes email addresses, passwords and other data that allowed it to carry on cyber espionage operations. The NSA’s silence on the Heartbleed bug’s existence left millions of people vulnerable to attacks in the meantime.

The longer a flaw like Heartbleed existed on the Internet, the more opportunity there was for criminals and enemy states to exploit it to steal information, spy on others and cause incalculable harm to individuals, businesses and government agencies, explained noted security analyst Graham Cluley.

“If it’s true that the NSA knew about the Heartbleed bug, but didn’t tell anyone about it, then they’ve let down everyone who uses the Internet — both around the globe, as well as the law-abiding citizens they are supposed to protect in the United States,” Cluley told Digital Trends.

One of the NSA’s main missions is national security. That includes seeking out software flaws and vulnerabilities that could be exploited by hackers and other governments. The agency’s actions with respect to how it used the Heartbleed bug, and its refusal to inform the public of its existence, seemingly run contrary to those missions, some say.

MORE: Here’s a list of websites allegedly affected by the Heartbleed bug

“It flies in the face of the agency’s comments that defense comes first,” said Jason Healey, director of the Atlantic Council’s cyber statecraft initiative,  and a former Air Force cyber officer. “They are going to be completely shredded by the computer security community for this.”

A handful of programmers runs the OpenSSL security protocol in which the Heartbleed bug lies; the NSA tasks thousands with discovering such vulnerabilities. Once the flaw was uncovered, the NSA essentially put it in its back pocket, instead of warning those who could have patched the problem and kept the nation’s data safe — a part of the agency’s stated mission.

“The Information Assurance mission confronts the formidable challenge of preventing foreign adversaries from gaining access to sensitive or classified national security information,” the agency’s mission statement reads.

MORE: How to check if your favorite websites are vulnerable to the Heartbleed bug

The NSA reportedly has a war chest consisting of thousands of vulnerabilities like Heartbleed, which can be employed to breach computers all over the world. The intelligence community has defended its actions with respect to how it uses other software vulnerabilities, saying that they enhance the nation’s ability to detect threats from terrorists and measure the intentions of hostile, foreign leaders.

James Lewis, a senior fellow at the Center for Strategic and International Studies specializing in cybersecurity, says that the NSA considers multiple options when it discovers vulnerabilities like Heartbleed. They include temporary exploitation combined with collaboration with software developers to plug the flaw.

MORE: What is the Heartbleed bug?

“They actually have a process when they find this stuff that goes all the way up to the director” of the NSA, Lewis said. “They look at how likely it is that other guys have found it and might be using it, and they look at what’s the risk to the country.”

The Heartbleed bug is a serious vulnerability in the OpenSSL Internet encryption protocol known that has potentially left the information of most Internet users vulnerable to hackers. The Heartbleed bug reportedly affects as much as 66 percent of the world’s active websites, and has existed for roughly two years. That’s according to a team of Codenomicon researchers, as well as Google Security researcher Neel Mehta.

“We’ve never seen any quite like this,” Michael Sutton, vice president of security research at Zscaler, a security firm, says. “Not only is a huge portion of the Internet impacted, but the damage that can be done, and with relative ease, is immense.”

MORE: The Heartbleed bug affects “almost everyone”

The NSA has been embroiled in controversy and scandal since it was revealed that the agency actively collects data and spies on a vast array of Internet users, including unaware Americans.

At this point, the NSA has declined to comment regarding its use of Heartbleed in domestic spying and data collection operations.

The Electronic Frontier Foundation did not immediately respond to a Digital Trends request for comments.

The information in the Bloomberg report from “two people familiar with the matter.” If it proves true, it’s truly an outrage.

“What worries me is not so much what we have discovered was being done by the NSA, but what we don’t know yet and has still to be revealed,” Cluley added.


This article was originally posted on Digital Trends

Content provided by
INFORMATIONAL DISCLAIMER The information contained on or provided through this site is intended for general consumer understanding and education only and is not intended to be and is not a substitute for professional financial or accounting advice. Always seek the advice of your accountant or other qualified personal finance advisor for answers to any related questions you may have. Use of this site and any information contained on or provided through this site is at your own risk and any information contained on or provided through this site is provided on an "as is" basis without any representations or warranties.
Powered by Frankly