Home Technology NSA: Did It Know About Heartbleed Bug?

NSA: Did It Know About Heartbleed Bug?

When you purchase through our sponsored links, we may earn a commission. By using this website you agree to our T&Cs.

There was yet another revelation regarding the lengths the NSA will go to spy on its perceived enemies on Friday. According to an article published by Bloomberg, the NSA has known about the recently publicized Heartbleed encryption bug for more than two years. The sources for the article claim the NSA discovered the Heartbleed flaw soon after the encryption algorithm was created, but chose not to reveal the vulnerability so they could exploit it for intelligence reasons.

Statement from NSA

National Security Council spokeswoman Caitlin Hayden spoke to the media last Friday and categorically denied the claims in the Bloomberg article. “Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong.”

Hayden continued, “When Federal agencies discover a new vulnerability in commercial and open source software — a so-called “zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it — it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.”

Hayden closed her statement with vague reassurances, citing proven toothless watchdog policies. “In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.”

Zero day vulnerabilities

The Bloomberg article claims the NSA maintains a list of software bugs and holes it has discovered, the “zero day” list, which can be exploited to gain access to supposedly secure networks. The sources claim the NSA only releases zero day information begrudgingly and after some time has passed, and most importantly only when they are sure they have other means of breaking into secure networks. The agency justifies this egregious violation of law and the U.S. Constitution as a necessary part of national security efforts.

According to the Wall Street Journal, during recent discussions at the White House among senior officials regarding the issue, “People familiar with the discussions said the push to disclose and address zero day vulnerabilities was a major point of contention for the intelligence agencies, which fought the recommendation.”

Our Editorial Standards

At ValueWalk, we’re committed to providing accurate, research-backed information. Our editors go above and beyond to ensure our content is trustworthy and transparent.

Want Financial Guidance Sent Straight to You?

  • Pop your email in the box, and you'll receive bi-weekly emails from ValueWalk.
  • We never send spam — only the latest financial news and guides to help you take charge of your financial future.