Saturday, April 12, 2014

Listen To My Heartbleed

A lot has been in the news about the Heartbleed secure website vulnerability, which has affected tens of thousands of websites and possibly compromised millions of passwords (Mashable has a good list of what passwords you should change now). But the story has taken a much darker turn: Bloomberg News is reporting that the NSA supposedly knew about the vulnerability two years ago, didn't tell anyone, and exploited the bug to gain information from websites.

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

Now, if this is true the NSA has a lot to answer for, but "two people familiar with the matter"?  No names?  Pretty big bombshell for anonymous sources, yes?  And as far as I can tell, nobody has independently verified this story yet.

Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.

Again, this represents a huge ethical problem if true, but that's a huge if right now.  It's not stopping people I read and respect from assuming this is now gospel truth because of course any story these days claiming the NSA has done X has to be true because the NSA is evil and you can't trust them.

And once again, if this story is true and if the NSA did know about this (or, as some people have also speculated, created the bug in the first place in order to open a nearly universal back door to secure websites) then heads need to roll.

Ironically, if this story is true, shouldn't Edward Snowden's vast treasure trove of stolen documents have contained this information?  This is a pretty damning accusation. Something like this would be at the top of the list for his stated goal of exposing unethical, damaging, and illegal practices by the NSA, yes?

This is a bug that affected millions of ordinary people. Right now, there's as much "proof" that Snowden knew about Heartbleed and said nothing as there is that the NSA knew the same and did nothing, i.e. total speculation.

Might want to keep that in mind.

2 comments:

RepubAnon said...

Indeed - it would be interesting to get Mr. Snowden's comments on this.

Horace Boothroyd III said...

Looks to me like you have nailed this exactly:

Pretty big story to be supported by just two anonymous sources.

If the NSA has been exploiting Heartbleed for two years, and Snowden's document trove is so valuable, curious that Greenwald never brought it up.

Personally I think that the NSA hysterics have never met a conspiracy theory they couldn't swallow, going back many years through the 9-11 troofers and beyond, and the sad fact is that their irresponsible gibbering has vastly complicated the objectively enormous task of reining in the National Security State.

By way of example, the CIA and Senate Oversight are smacking each other in a brutal round of bureaucratic trench warfare but all the non political junkies I know are dismissing the news as "just those anti NSA bozos squealing about something again." Which is of course tremendously frustrating as the CIA really is an out of control gang of murdering thugs who desperately need to be brought to heel. Thanks Ed. Thanks Glenn. Thanks Laura.
