NSA knew about Heartbleed, exploited it for two years

As predicted, the huge Internet security vulnerability was used by the NSA. We should not be surprised, but furious

Topics: NSA, National Security Agency, heartbleed, Surveillance, openssl, Privacy, Spying, encryption, cryptography, , ,

NSA knew about Heartbleed, exploited it for two yearsFILE - This June 6, 2013, file photo, shows a sign outside the National Security Administration (NSA) campus in Fort Meade, Md. The Senate Intelligence Committee three years ago secretly considered, but ultimately rejected, alternate ways for the National Security Agency to collect and store massive amounts of Americans’ phone records, The Associated Press has learned. (AP Photo/Patrick Semansky, File) (Credit: AP)

As soon as Heartbleed — the grave and widespread vulnerability which has for two years plagued Internet security — was discovered this week, skeptical and speculating eyes looked to the NSA. Some corners of the crytpography community even wondered if the bug had been purposefully planted at the bidding of spy agencies in the notoriously inscrutable OpenSSL code for mass surveillance purposes.

This was no tinfoil hat theorizing. The NSA may not have caused the critical flaw (thought to be born of human error with complicated cryptogaphy), but they certainly knew about it and exploited it. As Bloomberg News reported  Friday, the NSA “knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.”

Sadly, it should come as no surprise that the spy agency willingly let a flaw in the very security infrastructure of the Internet persist without offering this information to the public. Edward Snowden’s leaks have already revealed that the NSA, working with both coerced and compliant technologists, weakened the security of standard online encryption for mass surveillance purposes. We now well know that the corporate-government surveillance nexus has ensured the Internet is no safe haven for free communication — the cybernetic dreams have turned to nightmares; there is no power symmetry where privacy and information are concerned.



As Bloomberg reported, “The agency found the Heartbleed glitch shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency’s toolkit for stealing account passwords and other common tasks.” It is a chilling fact: that the government has kept secret an encryption flaw that makes our nearly every online interaction — our very lives, played out online — vulnerable to total surveillance (the fact that parties other than the NSA could have exploited the flaw and stolen personal information including passwords and credit card data is worth reiterating here too).

The revelation that the NSA knew and used the Heartbleed flaw, while keeping the public in the dark, is profoundly, chillingly reflective of our political now. Our paranoid national security acts in the shadows with impunity and puts every one of us at risk. We have, again and again, been lied to and shrouded from information pertinent to how we live and interract. The time for outrage is done; these techniques of governmentality are deserving of our rage.

Natasha Lennard

Natasha Lennard is an assistant news editor at Salon, covering non-electoral politics, general news and rabble-rousing. Follow her on Twitter @natashalennard, email nlennard@salon.com.

More Related Stories

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 11
  • Close
  • Fullscreen
  • Thumbnails

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott and the friends with whom he recorded in middle school in Texas (photo courtesy of Dan Pickering)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Heatmiser publicity shot (L-R: Tony Lash, Brandt Peterson, Neil Gust, Elliott Smith) (photo courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott and JJ Gonson (photo courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    "Stray" 7-inch, Cavity Search Records (photo courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott's Hampshire College ID photo, 1987

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott with "Le Domino," the guitar he used on "Roman Candle" (courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Full "Roman Candle" record cover (courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Elliott goofing off in Portland (courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    Heatmiser (L-R: Elliott Smith, Neil Gust, Tony Lash, Brandt Peterson)(courtesy of JJ Gonson photography)

    "Roman Candle" turns 20: Secrets of Elliott Smith's accidental masterpiece (slideshow)

    The Greenhouse Sleeve -- Cassette sleeve from Murder of Crows release, 1988, with first appearance of Condor Avenue (photo courtesy of Glynnis Fawkes)

  • Recent Slide Shows

Comments

Loading Comments...