NSA knew about Heartbleed, exploited it for two years

As predicted, the huge Internet security vulnerability was used by the NSA. We should not be surprised, but furious

Topics: NSA, National Security Agency, heartbleed, Surveillance, openssl, Privacy, Spying, encryption, cryptography, , ,

NSA knew about Heartbleed, exploited it for two yearsFILE - This June 6, 2013, file photo, shows a sign outside the National Security Administration (NSA) campus in Fort Meade, Md. The Senate Intelligence Committee three years ago secretly considered, but ultimately rejected, alternate ways for the National Security Agency to collect and store massive amounts of Americans’ phone records, The Associated Press has learned. (AP Photo/Patrick Semansky, File) (Credit: AP)

As soon as Heartbleed — the grave and widespread vulnerability which has for two years plagued Internet security — was discovered this week, skeptical and speculating eyes looked to the NSA. Some corners of the crytpography community even wondered if the bug had been purposefully planted at the bidding of spy agencies in the notoriously inscrutable OpenSSL code for mass surveillance purposes.

This was no tinfoil hat theorizing. The NSA may not have caused the critical flaw (thought to be born of human error with complicated cryptogaphy), but they certainly knew about it and exploited it. As Bloomberg News reported  Friday, the NSA “knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.”

Sadly, it should come as no surprise that the spy agency willingly let a flaw in the very security infrastructure of the Internet persist without offering this information to the public. Edward Snowden’s leaks have already revealed that the NSA, working with both coerced and compliant technologists, weakened the security of standard online encryption for mass surveillance purposes. We now well know that the corporate-government surveillance nexus has ensured the Internet is no safe haven for free communication — the cybernetic dreams have turned to nightmares; there is no power symmetry where privacy and information are concerned.



As Bloomberg reported, “The agency found the Heartbleed glitch shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency’s toolkit for stealing account passwords and other common tasks.” It is a chilling fact: that the government has kept secret an encryption flaw that makes our nearly every online interaction — our very lives, played out online — vulnerable to total surveillance (the fact that parties other than the NSA could have exploited the flaw and stolen personal information including passwords and credit card data is worth reiterating here too).

The revelation that the NSA knew and used the Heartbleed flaw, while keeping the public in the dark, is profoundly, chillingly reflective of our political now. Our paranoid national security acts in the shadows with impunity and puts every one of us at risk. We have, again and again, been lied to and shrouded from information pertinent to how we live and interract. The time for outrage is done; these techniques of governmentality are deserving of our rage.

Natasha Lennard

Natasha Lennard is an assistant news editor at Salon, covering non-electoral politics, general news and rabble-rousing. Follow her on Twitter @natashalennard, email nlennard@salon.com.

More Related Stories

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 13
  • Close
  • Fullscreen
  • Thumbnails
    Clare Barboza/Bloomsbury

    Uncommon Apples

    Api Étoile

    Like little stars.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Calville Blanc

    World's best pie apple. Essential for Tarte Tatin. Has five prominent ribs.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Chenango Strawberry

    So pretty. So early. So ephemeral. Tastes like strawberry candy (slightly).

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Chestnut Crab

    My personal fave. Ultra-crisp. Graham cracker flavor. Should be famous. Isn't.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    D'Arcy Spice

    High flavored with notes of blood orange and allspice. Very rare.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Esopus Spitzenberg

    Jefferson's favorite. The best all-purpose American apple.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Granite Beauty

    New Hampshire's native son has a grizzled appearance and a strangely addictive curry flavor. Very, very rare.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Hewes Crab

    Makes the best hard cider in America. Soon to be famous.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Hidden Rose

    Freak seedling found in an Oregon field in the '60s has pink flesh and a fragrant strawberry snap. Makes a killer rose cider.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Knobbed Russet

    Freak city.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Newtown Pippin

    Ben Franklin's favorite. Queen Victoria's favorite. Only apple native to NYC.

    Clare Barboza/Bloomsbury

    Uncommon Apples

    Pitmaston Pineapple

    Really does taste like pineapple.

  • Recent Slide Shows

Comments

Loading Comments...