National Security Agency denies the allegations that it had been exploiting Heartbleed bug OpenSSL for spying on consumers. Before getting into the details of the news, let me introduce you to Heartbleed. Heartbleed is an Internet bug that is a vulnerability to internet security. Heartbleed bug not only exploits websites but also the gadgets everywhere. So it means that for two years we have been living with a threat that any time our device can get affected by Heartbleed and anyone can take advantage and take over access to our voice calls, mails, pictures and everything.
NSA is alleged to be aware of the exploitation since two years and the Bloomberg was first to accuse NSA. It said that NSA not only knew about Heartbleed but also took advantage in obtaining intelligence data without informing any other agency of the vulnerability in the OpenSSL system. An official state made by Bloomberg says, “Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong.”
About 2 dozens of devices including servers, routers, switches, phones and video cameras used by small and large businesses have been identified by Cisco and Juniper. The companies are also reviewing dozens more devices to determine whether they’re impacted by the bug as well. Sam Bowling, a senior infrastructure engineer at the web hosting service Singlehop made a remark:
“That’s why this is being dubbed the biggest exploit of the last 12 years. It’s so big and encompassing”.
But NSA completely denies thus allegation. The agency said in a statement, “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cyber security report. Reports that say otherwise are wrong. Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong.”