NSA Denies Report It Exploited Heartbleed Bug

Bloomberg reported the agency knew of the Heartbleed bug shortly after its introduction two years ago.

NSA Denies Report It Exploited Heartbleed Bug
[Image: Flickr user Jake Setlak]

On Friday, Bloomberg ran a damning report about the National Security Agency knowingly exploiting the two-year-old Heartbleed bug as part of its surveillance efforts. The NSA has shot back, denying such allegations, according to Mashable.

“NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report,” an NSA representative told Mashable. “Reports that say otherwise are wrong.”

Made public earlier this week, Heartbleed is a bug in the OpenSSL encryption, affecting about two-thirds of the Internet’s websites. It’s said to be the most devastating vulnerability in Internet history, one that’s impacted tech giants including Google, Facebook, Yahoo, Amazon, Juniper, and Cisco.

Citing two anonymous sources, Bloomberg’s report said the NSA discovered Heartbleed soon after its introduction, and used it to obtain passwords and other data while leaving millions of users vulnerable.

About the author

Based in San Francisco, Alice Truong is Fast Company's West Coast correspondent. She previously reported in Chicago, Washington D.C., New York and most recently Hong Kong, where she (left her heart and) worked as a reporter for the Wall Street Journal.



More Stories