NSA Said to Have Left Us Vulnerable to Attack in Order to Exploit Heartbleed
In violation of one of its primary missions, the National Security Agency has kept secret the biggest threat to Internet security in memory in order to exploit it, sources say.
In violation of one of its primary missions, the National Security Agency reportedly has kept secret the biggest threat to Internet security in memory in order to exploit it.
The Heartbleed vulnerability in OpenSSL, a basic security protocol, affects as many as two-thirds of the Internet’s servers, and, according to a Bloomberg piece, the NSA has known about it for years:
Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.
“It flies in the face of the agency’s comments that defense comes first,” said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer. “They are going to be completely shredded by the computer security community for this.”
The NSA exists, in part, to identify bugs like Heartbleed and make us more secure. Instead, the agency appears to have become totally obsessed with espionage.
— Posted by Peter Z. Scheer
WAIT BEFORE YOU GO...This year, the ground feels uncertain — facts are buried and those in power are working to keep them hidden. Now more than ever, independent journalism must go beneath the surface.
At Truthdig, we don’t just report what's happening — we investigate how and why. We follow the threads others leave behind and uncover the forces shaping our future.
Your tax-deductible donation fuels journalism that asks harder questions and digs where others won’t.
Don’t settle for surface-level coverage.
Unearth what matters. Help dig deeper.
Donate now.
Researchers have discovered a security flaw "bigger than Heartbleed," the bug that affected nearly every computer user earlier this year, in one of the most fundamental points of contact between users on the Internet.
One lesson of the Heartbleed bug is that the U.S. needs to stop running Internet security like a Wikipedia volunteer project.
Would You Trust The NSA’s Advice On How To Deal With Heartbleed? (via Techdirt) Somewhat late to the game (by about a week), after the Heartbleed vulnerability was publicly revealed, and a few days after it was reported and denied that the NSA was already well aware of Heartbleed and exploiting it, the NSA has […]
A critical flaw that has been with us for some time and could be around for months to come leaves much of the Internet vulnerable.
You need to be a supporter to comment.
There are currently no responses to this article.
Be the first to respond.