
NSA Knew About Heartbleed Bug for Years - Kept it secret in order to exploit it

By Michael Riley | Apr 11, 2014

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.

Heartbleed appears to be one of the biggest glitches in the Internet’s history, a flaw in the basic security of as many as two-thirds of the world’s websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. to Juniper Networks Inc. to provide patches for their systems.



Time says NSA didn't know

NSA spokesperson Vanee Vines (whiney whines?) told Time that they didn't know about Heartbleed.
Bloomberg says two people said they knew for 2 years.

If they knew, it was totally irresponsible behavior.
If they didn't know, how do these lying experts justify the billions spent on chasing wild geese?

Good thing they have a tit for each ringer, but did they know or didn't they, and which is worse?

I'll take my Liberty, it's not yours to give.

If the NSA is the National

If the NSA is the National Security Agency, who exactly are they supposed to secure? Because it certainly is not us or the US.

They knew about this bug and rather than "securing" us/US they instead used it for hacking purposes.

Maybe they should be called the National Insecurity Agency!



National Security is the Opposite of Personal Security

This is a great example. Thanks NSA. :)



it's not in your best interest...


Albert Camus — 'The only way to deal with an unfree world is to become so absolutely free that your very existence is an act of rebellion.'

We all know that the

We all know that the mainstream media won't report this.

The good thing is more and more are getting their news from non-mainstream sources.

It feels like the first shots are about to be fired or something...

I hope this put an end to the

I hope this put an end to the stupid security idea that because something is Open Source that somebody would have gone through every single line and any problems would have been discovered and solved.

The vast majority of Open Source is not adequately audited, and therefore there are vulnerabilities everywhere. There are companies which go through code, and sell vulnerabilities; these companies and their workers aren't going to tell anybody about the vulnerabilities, and then there are Intelligence Agencies which also are not going to tell anybody about discovered vulnerabilities.

I'm not saying to not use Open Source Software, because that is not what I'm saying. However, this belief that it is more secure because since it is Open Source then somebody has done an audit of the code and would have notified people of any vulnerabilities; this is not true. Most people believe this very same thing and therefore very little of it actually happens.

I bet...

They were the ones that put it in the code in the first place. There has been reporting on how the NSA is trying to weaken standards.


Who knows anymore these days?

allegory - ˈalɪg(ə)ri/ - noun - 1. a story, poem, or picture which can be interpreted to reveal a hidden meaning, typically a moral or political one.