The NSA Knew Of Heartbleed Bug For Two Years And Used It To Spy On The Internet
If the report is true (both the White House and the NSA say it’s not), the NSA could have collected information like passwords and private communications from hundreds of thousands of websites. Heartbleed is a bug in the popular open-source encryption software OpenSSL, which is used to secure data flowing from users’ computers to hundreds of thousands of websites, including Gmail and Facebook.
Almost two-thirds of all sites on the Internet use OpenSSL, according to estimates, making this bug possibly one of the most dangerous the Internet has ever seen and potentially allowing the NSA to access information on millions of users.
Matthew Prince, the CEO of security firm Cloudflare, tweeted that it’s “hard as a tech company today to not feel like we’re at war with our own government.”
Despite the outrage, this revelation doesn’t come as a complete surprise to many. Over the past few days, some have already speculated about whether the NSA used Heartbleed to breach SSL, since documents leaked by Edward Snowden revealed the spy agency has been trying to breach it for years.
“It would not at all surprise me if the NSA had discovered this long before the rest of us had,” Matt Blaze, a cryptographer and computer security professor at the University of Pennsylvania, told Wired. “It’s certainly something that the NSA would find extremely useful in their arsenal.”