The infamous malware, Heartbleed, was claimed to be taken advantage of by the U.S. National Security Administration (NSA) in the midst of a public and political outcry over the federal agency's surveillance programs. Arthur Dominic Villasanta of ChinaTopix said in a report that the bug was already on the NSA radar and had been exploited to carry out their spying operations on several of its strategic competitors, including China.
Citing major media organizations, like Bloomberg, the site says sources have confirmed that the federal agency has been actively exploiting Heartbleed for at least two years. Security analysts has been quoted as saying that the latest allegations against the NSA could hurt the already embattled agency deeply.
Two weeks ago, Heartbleed became world news when it was disclosed on April 7 that the bug causes passwords from supposedly secure sites protected by HTTPS and exposes it to hackers. Several websites have already cautioned their users to change their passwords to avoid their personal information from getting compromised, ChinaTopix said.
In a online warning, Tumbler said to its users, "The little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit."
Security companies are also scrambling to find out the extent of the damage Heartbleed could do to a server's private encryption key. San Francisco-based company Cloudfare recently revealed that the unthinkable possibility of the exposure of a server's private key is now possible, thanks to Heartbleed, PCWorld said. The private key is part of a security certificate that checks whether a client computer is not connecting with a fake website posing as a legitimate one.
"This result reminds us not to underestimate the power of the crowd and emphasizes the danger posed by this vulnerability," said Nick Sullivan of CloudFlare on a company blog.
- Contribute to this Story:
- Send us a tip
- Send us a photo or video
- Suggest a correction
