CHINA TOPIX

11/22/2024 11:41:02 am

Make CT Your Homepage

Heartbleed bug exposes massive number of Chinese websites to NSA spying

The US National Security Administration (NSA) has been aware of the "Heartbleed" bug for over two years and has been exploiting the bug to carry out undetectable spying on US strategic competitors, including China.

Major US media organizations such as Bloomberg have reported that the NSA has been aware of and actively exploiting the Heartbleed bug for at least two full years, citing sources familiar with the incident.

Like Us on Facebook

The NSA, however, said in a Twitter post it was not aware of the recently identified Heartbleed vulnerability until it was made public.

Security analysts said the new allegations against the NSA will add to the woes faced by the much maligned agency, which is still struggling with the damaging and negative publicity generated by Edward Snowden's revelations.

Snowden last year revealed that the super secret NSA can easily defeat many of today's encryption technologies, and that the supposedly safe Secure Socket Layer or SSL protocol was a favorite target for the NSA.

Last week's astonishing revelation that a small error in the open-source OpenSSL implementation of the SSL encryption protocol, called Heartbleed, opened a huge hole in the security million of websites worldwide and has raised fears of NSA snooping. Those fears seem to have been confirmed by the latest exposés.

Heartbleed exposed to hackers passwords from supposedly secure sites protected by HTTPS. It has given cyber-criminals the chance to steal private user information such as credit card numbers, usernames and passwords, said security analysts.

Heartbleed was discovered two weeks ago and disclosed only last April 7. It has caused several websites to advise users to change their passwords.

"The little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit," said Tumblr in a warning to its users.

"It is catastrophically bad, just a hugely damaging bug," said International Computer Science Institute security researcher Nicholas Weaver.

Real Time Analytics