NSA Denies Allegations Regarding Heartbleed

Credit: Mashable

US Intelligence agencies and the White House have denied the allegations that the Heartbleed glitch was exploited by spy agencies for gathering intelligence. This statement was given after a Bloomberg report, which had cited two anonymous sources familiar with the matter that made accusations against the National Security Agency (NSA). According to them, the NSA had knowledge of the bug for at least 2 years and had used it for harvesting passwords and other important information that’s utilized in hacking operations. It was last week that the Heartbleed bug had emerged as a threat and it is being regarded as one of the most serious internet security flaws to be discovered in the past few years.

Caitlyn Hayden, the spokeswoman for the White House National Security Council said that the reports stating that the NSA and the government were aware of the vulnerability before this month are not based on facts. She further added that the administration was responsible for ensuring that the internet remains reliable, secure and also interoperable. It had been discovered by researchers of a small security firm called Codenomicon and Google Inc. that there were vulnerable versions of a popularly used software called Open SSL enabled hackers to obtain data of the users without getting traced. This bug had affected various companies including Facebook Inc., Yahoo Inc. and Google Inc. which are some of the most notable technology firm these days and others as well.

Ms. Hayden said that Open SSL is used by the federal government for protecting the privacy of users of different online services and also government websites. She said that if they, which mean the federal government and also the intelligence community, had been aware of this vulnerability before last week, they would have taken the proper steps necessary for informing the community that manages Open SSL. She further asserted that whenever a new vulnerability is discovered by US Intelligence agencies in open-source and commercial software, disclosing it to the public is in their national interest rather than using it for intelligence and investigative purposes. Zero day flaws is the name given to such vulnerabilities as software developers have had zero days for resolving the issue.

A separate statement was made by Vanee Vines, NSA spokeswoman, in which she clarified that, the Heartbleed bug affecting the Open SSL had not been known by the NSA prior to being announced in a private sector cybersecurity report. Since Edward Snowden, the former agency contractor leaked various documents about the agency’s surveillance efforts in the US, the activities of the National Security Agency have come under sharp scrutiny. In December, an advisory panel had been convened, comprising of five members, which had reviewed the electronic surveillance policy and had encouraged the White House to halt the undercutting of encryption standards and also put a stop to the use of undisclosed flaws.

Later, in February, it had been announced by a senior White House official that both issues were being intensively studied by the Obama Administration.