View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

US denies claims that NSA exploited ‘Heartbleed’ bug

Claims follow Bloomberg allegations that the agency exploited flaw in OpenSSL to gather information.

By CBR Staff Writer

The White House and US intelligence agencies have denied claims that the National Security Agency (NSA) or any other government units were either aware or have exploited the Heartbleed bug in order to collect intelligence.

The denial comes after report from Bloomberg News, citing two sources, claimed that the NSA exploited the flaw in OpenSSL to gather information on citizens.

White House National Security Council spokeswoman Caitlin Hayden said in a statement that reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 were incorrect.

"This administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet," Hayden said.

"If the federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL."

Upon the discovery of Heartbleed by researchers at Google and Finnish security firm Codenomicon, the US Homeland Security Department advised businesses to check their servers to see if they had been using vulnerable versions of OpenSSL.

In a statement, the NSA said that it was, "not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report."

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

In addition, US banks and other financial institutions have been advised to patch their computers to thwart attacks that exploit the Heartbleed flaw in Internet security.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.