NSA Denies Bloomberg ‘Heartbleed’ Report Based on Unidentified Sources
The hyperbolic headline from Bloomberg that stirred up the mighty Greenwald army today: NSA Said to Have Used Heartbleed Bug, Exposing Consumers - Bloomberg.
The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.
The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts. …
Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.
Notice the source? Two anonymous people “familiar with the matter.” And lo, the clicks pour in.
It looks like the NSA has realized they need to answer these hyperbolic stories right away, at least, because they wasted no time coming out with an official response: NSA Denies It Used ‘Heartbleed’ Bug to Gather Intelligence - NBC News.com
The National Security Agency on Friday denied a report that it has been aware for years of the enormous ‘Heartbleed’ security flaw affecting millions of websites, but kept the information secret and used it for its own purposes.
Bloomberg, citing unidentified sources, reported Friday that the NSA knew about Heartbleed for two years before the public disclosure of the bug by security researchers last week.
“NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report. Reports that say otherwise are wrong,” the agency said in a statement to NBC News.