Well isn’t that nice. The NSA, an agency which claims to be on guard for cyber security threats (when they’re not busy spying on you), has known about Heartbleed, the critical security bug which made it possible to steal passwords, emails and other information on a massive scale, and has intentionally withheld information from security professionals for years. Why? So that they would have unfettered access to everyone’s personal information.
This afternoon, Bloomberg News journalist Michael Riley reported that the NSA knew about the security flaw for at least two years ago, but kept it hidden from technologists so that they could use it to hack the computers and correspondence of their targets.
“The agency found the Heartbeat glitch shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency’s toolkit for stealing account passwords and other common tasks,” Riley wrote.
“Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost,” he wrote. “Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.”
According to Bloomberg, the NSA declined to respond to their requests for comment.