informationliberation
The news you're not supposed to know...




An Introduction to Austrian Economics: Understand Economics, Understand Everything
The Century of the Self: The Untold History of Controlling the Masses Through the Manipulation of Unconscious Desires
The Disappearing Male: From Virility to Sterility

The Obama Deception: The Mask Comes Off
Operation Gladio: The Hidden History of U.S. Sponsored False Flag Terrorism in EuropeThe New American Century: The Untold History of The Project for the New American Century
(more)
Article posted Apr 14 2014, 7:34 AM Category: Big Brother/Orwellian Source: Common Dreams Print

NSA Exploited Heartbleed for Own Use

White House denial highlights 'fundamentally flawed' dual mission of government spy agency
Lauren McCauley


Not only did the NSA know about the Heartbleed internet bug—found to have exposed the sensitive information of countless web users—but they exploited it for their own intelligence gathering purposes for years, sources charge.

Bloomberg News reported late Friday that the agency found Heartbleed shortly after its introduction in early 2012, according to a person "familiar with the matter," and rather than reporting or repairing the flaw, the NSA adopted it as "a basic part of they agency's toolkit for stealing account passwords and other common tasks."

Heartbleed, believed to be one of the biggest flaws in the Internet's history, is a vulnerability in OpenSSL protocol, which is used to encrypt communications between users and websites. The bug makes those supposedly secure sites an "open book," Bloomberg explains. The existence of Heartbleed was first made public on April 7.

By adding Heartbleed to their arsenal—as a means of obtaining passwords and other secure information—critics say the agency not only furthered their own controversial practice of stockpiling user information but they left vulnerable millions of users against outside attack.

After the allegations surfaced, the White House denied that they knew about Heartbleed prior to April 2012.

Regardless, Bloomberg's sources note that, in addition to Heartbleed, the NSA currently "has a trove of thousands of such vulnerabilities that can be used to breach some of the world’s most sensitive computers."

The incident highlights what many are saying are the "fundamentally incompatible" dual missions of the agency: securing cyber-infrastructure and gathering foreign intelligence.

"Ordinary Internet users are ill-served by the arrangement because serious flaws are not fixed, exposing their data to domestic and international spy organizations and criminals," John Pescatore, director of emerging security trends at a cyber-security training firm, the SANS Institute, told Bloomberg.

Fred Cate, director of Indiana University's Center for Applied Cybersecurity Research, wrote in October 2013:
Privacy and security advocates have long worried that in pursuit of the latter, increasingly dominant mission, the agency would learn about software and other vulnerabilities and rather than disclose or attempt to fix them, the agency would exploit them, thus compromising the former mission.
“The president has identified cyber threats as among the most critical dangers facing the nation,” added Cate. “Yet it is hard to take this claim too seriously when key responsibility for fighting those threats is given to the agency with the most to gain by hiding and exploiting them.”

Warning of this such abuse, in December 2013, President Obama's NSA review panel said the White House should not "undermine efforts to create encryption standards" and not "subvert, undermine, weaken or make vulnerable" commercial security software.

And as Julian Sanchez, founding editor of the Just Security blog, adds: "It's time to create an organization that's fully devoted to safeguarding the security of Internet users – even if that might make life harder for government hackers."





Latest Big Brother/Orwellian
- Apple May Want To Protect Your Phone Data From Snooping, But It's Snarfing Up Your Local Desktop Searches
- FBI Director Continues His Attack On Technology, Privacy And Encryption
- Florida Appeals Court Strikes Down Red Light Cameras
- Silk Road Judge Won't Examine FBI's Warrantless Server Hacking; Dismisses Suppression Motion On 'Privacy Interest' Technicality
- School Makes 5-Yr-Old Sign Contract Saying She Won't Kill Herself Nor Murder Others
- TSA Kangaroo Court Rubber Stamps TSA Fining Guy Who Stripped Naked, Completely Dismissing Court Ruling Finding It Legal
- 9/11 Activist Surrenders To Police After Cameron's UN Speech Deemed Truthers as Extremists
- Eric Holder Implies That Mobile Encryption Will Lead To Dead & Abused Kids









No Comments Posted Add Comment


Add Comment
Name
Comment

* No HTML


Verification *
Please Enter the Verification Code Seen Below
 


PLEASE NOTE
Please see our About Page, our Disclaimer, and our Comments Policy.


FAIR USE NOTICE
This site contains copyrighted material the use of which in some cases has not been specifically authorized by the copyright owner. Such material is made available for the purposes of news reporting, education, research, comment, and criticism, which constitutes a 'fair use' of such copyrighted material in accordance with Title 17 U.S.C. Section 107. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. It is our policy to respond to notices of alleged infringement that comply with the DMCA and other applicable intellectual property laws. It is our policy to remove material from public view that we believe in good faith to be copyrighted material that has been illegally copied and distributed by any of our members or users.

About Us - Disclaimer - Privacy Policy



Advanced Search
Username:

Password:

Remember Me
Forgot Password?
Register

Video: Cop Arrests Subway Performer For Singing, Despite Cop Reading Aloud Rule Saying It's Permitted - 10/20Video Shows Officer Coaxing Friendly Pets Closer With Kissing Noises Before Opening Fire - 10/20ISIS Cited as Michigan Village's Police Push for Secrecy - 10/20County Justifies Warrantless Raids Because Cannabis Plants Are An 'Immediate Danger' - 10/20Reading the Road Map to a Police State - 10/20FBI Director Demands Law to Give Cops Backdoor Access to Everyone's Private Data - 10/20New Zealand Police Raid Home Of Reporter Who Embarrassed Gov't Officials & Was Working On Snowden Documents - 10/20Chicago Cops Loot Taxpayers For Settlement After Beating Woman During Raid; Video 'May Inflame Jury' - 10/21

Rialto, CA Police Made to Wear Cameras, Use of Force Drops by Over Two-ThirdsCop Who Karate Chopped NY Judge In Throat Gets Off Scot-FreeFlorida Cop Smashes Compliant Woman's Face Into Car -- "Maybe Now You Can Understand Simple Instructions"VIDEO: Lapel Cam Reveals A Day In The Life Of A U.S. Police Officer (Tasing, Beating, Breaking & Entering, Stomping On Heads... and Laughing About It)Caught On Tape: Officer Sucker Punches Inmate In Face, Files Report Claiming 'Self Defense'Insult Person On Twitter, Go To JailSWAT Team Brings TV Crew To Film Raid Against Threatening Internet Critic -- Raids Innocent Grandma InsteadCop Karate Chops NY Judge In The Throat
(more)

 
Top