NSA knew about the bug heartbleed and used it regularly to gather information for at least two years, they told Bloomberg sources he does not name.
If the (valid) website post is true the NSA could collect information such as passwords access και ιδιωτικές επικοινωνίες από εκατοντάδες χιλιάδες ιστοσελίδες, δεδομένου ότι το Heartbleed είναι ένα bug στο δημοφιλές open-source OpenSSL encryption software, used to secure data on hundreds of thousands of websites, including Gmail and Facebook.
About two hours after Bloomberg's publication, the NSA and White House denied the claims in statements sent to Mashable.
"The NSA didn't know her vulnerability of OpenSSL, the so-called Heartbleed, until it is made public by some cyber company," an NSA spokesperson told Mashable. "Posts that say otherwise are incorrect."
Representative of the National Security Council, Caitlin Hayden, also said that neither the NSA nor any other federal agency knew about the Heartbleed bug.
"If the federal government, including the intelligence community, had discovered the vulnerability, they would have reported it to the OpenSSL community," Hayden said in a statement.
Of course, we would expect nothing more than government statements, as if it were revealed that the NSA had left the door open to other intelligence services and across the world it would run counter to what the agency claims to be its primary mission . If you forgot the mission of the secret service to remind that it is it that protects and defends cyber security.
But Bloomberg's revelation seems to have shocked a lot of people, even though it shouldn't have come as a surprise. Over the past few days, some have already questioned whether the NSA was using Heartbleed to crack SSL encryption, given that the documents that they leaked by Edward Snowden revealed that the agency has been trying to breach it for years.
"I would not be surprised if the NSA discovered the vulnerability long before us," Matt Blaze, a cryptographer and professor at the University of Pennsylvania, told Wired. "It's definitely something the NSA would have found extremely useful in their arsenal."
