Post Heartbleed bug, we are aware of bugs which are capable of exploiting vulnerable websites. Hence, the ‘New’ White House Policy declared that National Security Agency should disclose most major security vulnerabilities to avoid such widespread security threats caused by Heartbleed bug recently. However, President Obama has allowed the agency to keep some minor flaws secret for “a clear national security or law enforcement need”, as confirmed by a senior administration official.
Agency used Heartbleed bug for last two years
Although NSA rebuffed, but a Bloomberg report revealed that National Security Agency knew about the Heartbleed bug and agency has known about the security flaw for more than two years and also, used it to spy and gather intelligence. Hence, NSA’s spying efforts to keep Heartbleed flaws under the wraps has posed massive threat for all Internet users. As per the report, “NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost.” The report has also added that “Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.”
NSA denied use of Heartbleed bug
Friday, NSA has rebuffed what the report claimed and has issued a denial of the “knowledge or use of” Heartbleed bug. The Office of the Director of National Intelligence has claimed to have learned about the existence of Heartbleed bug and the security flaw as it was exposed by a cybersecurity report. The agency has clearly stated that “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report. Reports that say otherwise are wrong.”
NSA needs to keep certain level of security flaws secret that they can exploit to gather intelligence, however, if such bugs are not alarmed, expose our online accounts and Internet usage exploitable by cyber criminals.
In addition to keeping secret of such security flaws, NSA is also known to acquire flaws by “covert purchases of software vulnerabilities” from malware vendors as well as creating such vulnerabilities, as per Snowden documents which were uncovered to Reuters last year.