Nation & World News

NSA Denies It Knew About Heartbleed Bug Before It Was Made Public

By Eyder Peralta on April 11th, 2014

The National Security Agency says it did not know about a critical security bug until it became public earlier this month.

The NSA was responding to a report from Bloomberg that the agency had known about the vulnerability known as “Heartbleed” for two years and instead of alerting the tech community, it exploited the bug to “gather critical intelligence.”

Just to catch you up: The Heartbleed bug has led tech experts to call on Internet users worldwide to change the passwords they use on popular and sensitive sites, like that of their bank or email provider. As NPR’s Jeremy Bowers explained, the bug allowed an attacker to receive the encryption keys used to transmit information like your username and password. In other words, the bug allowed access to the “crown jewels.”

In a statement, the NSA said Bloomberg’s report was simply “wrong.” The U.S., the NSA said, would reveal this kind of vulnerability to developers if it ever came upon it. The statement goes on:

“The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services. This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.

“When Federal agencies discover a new vulnerability in commercial and open source software – a so-called ‘Zero day’ vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.

“In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.”

Copyright 2014 NPR. To see more, visit http://www.npr.org/.

This entry was posted in News from NPR. Bookmark the permalink.

Comments are closed.

 

More Stories in News from NPR

A bird covered in oil flaps its wings at Refugio State Beach, north of Goleta, Calif., on Thursday. More than 9,000 gallons of oil has been raked, skimmed and vacuumed from a spill that stretched across 9 miles of California coast, just a fraction of the sticky, stinking goo that escaped from a broken pipeline, officials said.

Pipeline Operator: Possibly Months To Determine Cause Of Calif. Spill

Plains All American, the company that operates the pipeline, says it has yet to uncover the problem. So far, 9,000 gallons of sludge have been removed from a 9-mile stretch near Santa Barbara.


In this photo released Thursday by a website run by Islamic State militants, damaged Syrian helicopters sit at Palmyra air base, which was captured by ISIS after a battle with the Syrian government forces earlier this week.

Islamic State Reportedly Seizes Last Syria-Iraq Border Crossing

The checkpoint at al-Tanf, known as al-Waleed in Iraq, has been seized, according to a British-based monitoring group that says ISIS fighters now control half of Syria.


Nuns vote on a referendum to legalize same-sex marriage, at a polling station in County Dublin, Ireland, on Friday.

Irish Voters Decide Whether To Legalize Same-Sex Marriage

Polls show the “yes” vote is stronger in the conservative, predominately Catholic country. But public opinion surveys could be masking a “shy no vote,” observers say.


Cho Hyun-ah, former vice president of Korean Air, was sentenced to one year in prison for her behavior aboard an international flight. She's seen here in December

Korean Air ‘Nut Rage’ Executive Freed From Jail

An appeals court reduced the sentence of former Korean Air executive Heather Cho. She demanded a plane return to the gate because her macadamia nuts weren’t served in a manner to her liking.


Law enforcement investigate on May 18 the motorcycle gang-related shooting at the Twin Peaks restaurant in Waco, Texas.

Uneasy Rider: The Origins Of Motorcycle Gangs And How They Remain A Force

Steve Cook, who heads the Midwest Outlaw Motorcycle Gang Investigators Association, tells NPR that soldiers returning from World War II formed biker gangs, which became infamous during a 1947 riot.


Thank you for your support

WUFT depends on the support of our community — people like you — to help us continue to provide quality programming to North Central Florida.
Become a Sustainer
I want to support FM 89.1/NPR
I want to support Florida's 5/PBS
Donate a Vehicle
Underwriting Payments