Bloomberg News reported that the spy agency knew about the flaw in the way numerous websites send sensitive information for at least two years before it was fixed, and gathered critical information by exploiting it.
The NSA is denying a report that it knew about and exploited a defect in Internet security technology that left millions of computer users vulnerable to hackers, now known as the “Heartbleed” bug.
Sources told Bloomberg News that by using “Heartbleed,” the NSA had a new weapon in its arsenal to conduct sophisticated hacking operations such as obtaining passwords. Millions were subsequently left vulnerable to criminal hackers or foreign intelligence agencies, according to the report.
However, NSC Spokesperson Caitlin Hayden said in a statement Friday that the neither the NSA nor any other federal agency had any knowledge of “Heartbleed” before it was revealed in a private cybersecurity report earlier this week.
She said any reports that claim the government knew about the flaw before that are wrong.
“This administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet,” the statement said. “If the federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.”
The NSA has been under heavy scrutiny since documents disclosed last year by former NSA systems analyst Edward Snowden showed that the government collects mass amounts of data from major Internet companies such as Google, Apple, Microsoft and Facebook through one of its programs designed to target communications of foreigners located outside the U.S.
The Obama administration contends the searches are legal because they are searching information they lawfully obtained.