NSA, White House deny prior Heartbleed intelligence

Both the National Security Agency and White House issued statements denying prior knowledge of online security bug Heartbleed, following a Bloomberg report on Friday claiming otherwise.

"(The) NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cyber security report," Vanee Vines, an NSA spokeswoman, wrote in an email.

That statement contradicts two anonymous sources, who told Bloomberg that the NSA not only knew about Heartbleed for at least the last two years, but that it had been exploiting the security breach to gather intelligence. Researchers discovered the bug last week, causing a panic as servers and websites scrambled to secure information.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Aligning with the NSA, White House national security spokeswoman Caitlin Hayden also issued a statement denying early U.S. government intelligence on the bug, calling reports to the contrary "wrong."

"This administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable internet," Hayden said. "If the federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL."