Update 5:22: NSA officials have denied that the agency knew about the Heartbleed bug before the general public learned of its existence.
Statement: NSA was not aware of the recently identified Heartbleed vulnerability until it was made public.
â€” NSA/CSS (@NSA_PAO) April 11, 2014
5:00: Officials at the National Security Agency may have known about and exploited a critical Internet security flaw, known as the Heartbleed bug, for at least two years, according to Bloomberg News, and Internet users around the world are outraged by the report.
The NSA learned about the security flaw almost as soon as it was introduced, and it kept its knowledge of the Heartbleed bug secret to exploit the flaw for national security purposes and interests, including obtaining passwords and other data, Bloomberg said. That left computers, servers and Internet users exposed to attacks from others who may have known about the security flaw, such as hackers and intelligence agencies from other countries. The Heartbleed bug reportedly gave the NSA access to nearly two-thirds of the world’s servers.
Many Internet users around the world spoke out against the NSA after reports that the intelligence agency, which was established to protect America's national security, left a major security flaw intact to further its surveillance goals. Many people view the NSA in a suspicious light after former agency contractor Edward Snowden revealed that it collected ordinary Americans' phone call metadata, causing them to assume the worst about the organization. Some, like MSNBC host Christopher Hayes, have even speculated that the NSA could have engineered Heartbleed, the SSL vulnerability that left many Americans in danger of identity theft.
If the NSA really did know about #Heartbleed "from the start," then they must have a team auditing every single OpenSSL commit for bugs.
â€” Nadim Kobeissi (@kaepora) April 11, 2014
Is it crazy to wonder if NSA somehow engineered Heartbleed to begin with?
â€” Christopher Hayes (@chrislhayes) April 11, 2014
â€” John Lilly (@johnolilly) April 11, 2014
So, under the pretense of protecting Americans, the NSA left millions of Americans open to identity theft. No words. http://t.co/4T5KXEcGCr
â€” Dana Liebelson (@dliebelson) April 11, 2014
#tbt When you thought your life was in any way secure from terrorism and/or identity theft
â€” Abraham Riesman (@abrahamjoseph) April 11, 2014
alt hed: Hey hey NSA, how many passwords did you steal today http://t.co/UNkdmbndm4
â€” Megan Hess (@mhess4) April 11, 2014
The NSA's decision to exploit Heartbleed, leaving millions vulnerable, contradicts its position of national defense - http://t.co/BBDS59w6zP
â€” Matthew Keys (@MatthewKeysLive) April 11, 2014
To recap: we pay people tens of billions of $ every year to keep us safe. They do this by making sure the internet isn't secure.
â€” phillip anderson (@phillipanderson) April 11, 2014
Trying to imagine the glee at NSA when they found Heartbleed and knew it gave them a backdoor to the entire internet: http://t.co/dHVf3v6J1k
â€” Mathew Ingram (@mathewi) April 11, 2014