NSA used Heartbleed bug to capture information, report says [San Jose Mercury News :: ]
(San Jose Mercury News (CA) Via Acquire Media NewsEdge) April 11--The National Security Agency knew for at least two years about the software flaw that has left countless individuals vulnerable to hackers, but the agency failed to alert the public and instead used the weakness to gather intelligence, Bloomberg News reported Friday.
The flaw involves the so-called Heartbleed bug, a flaw in the OpenSSL encryption tool that is believed to be used on about two-thirds of all websites. Because of the glitch, security experts say hackers could steal countless passwords used to access websites and other sensitive information.
While the Bloomberg report cited two unnamed sources, described as "people familiar with the matter," the NSA denied the allegations late Friday in a post on the official Twitter account of the agency's public affairs office. The agency said: "Statement: NSA was not aware of the recently identified Heartbleed vulnerability until it was made public."
Bloomberg reported that the NSA exploited the Heartbleed bug to obtain vital data used by cyber crooks. It said the clandestine agency discovered the flaw shortly after it was accidentally created in 2012 by an adjustment in the OpenSSL software, according to an unnamed source.
After that, Bloomberg said, the bug "became a basic part of the agency's tool kit for stealing account passwords" and other information, while most Internet users and security experts remained unaware of the flaw.
Contact Steve Johnson at firstname.lastname@example.org or 408-920-5043. Follow him at Twitter.com/steveatmercnews
(c)2014 San Jose Mercury News (San Jose, Calif.)
Visit the San Jose Mercury News (San Jose, Calif.) at www.mercurynews.com
Distributed by MCT Information Services
[ Back To TMCnet.com's Homepage ]