Bloomberg recently reported that the OpenSSL bug HeartBleed, which came to light through the work of a few security researchers, had been exploited by the NSA for almost two years.
The Bloomberg report stated that the NSA was aware of this bug and had been exploiting it for the last two years to gain access to the servers of Internet giants. OpenSSL, a cryptographic library used to transmit data securely, contains a bug that can be exploited to steal the X.509 certificates and credentials stored at a website.
Although an NSA spokeswoman declined to comment on this, Bloomberg reported that the security agency kept the bug secret for the sake of national security. The NSA has stated on numerous occasions that its surveillance is meant to protect the nation from terrorist attacks.
Since last year, Edward Snowden has leaked a number of documents showing the NSA's plans for surveillance and data collection, but the use of HeartBleed was not mentioned anywhere in them. Security researchers brought the bug to light five days ago, and since then it has been a major concern for organizations and governments around the world.
Earlier we also reported that the U.S. government has issued a warning to banks and financial organizations about hackers trying to exploit the bug. ‘HeartBleed’ can easily let an attacker obtain X.509 certificates and other credentials stored on the server. Although a patch is now available, many websites are still vulnerable.
Larry Zelvin, director of the DHS’s National Cybersecurity and Communications Integration Center, said, “While there have not been any reported attacks or malicious incidents involving this particular vulnerability at this time, it is still possible that malicious actors in cyberspace could exploit unpatched systems.” To ensure integrity, banks are being asked to replace their certificates and to request that customers change the passwords for their bank accounts.