It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

NSA Said to Exploit Heartbleed Bug for Intelligence for Years

page: 1
19
<<   2 >>

log in

join
share:

posted on Apr, 11 2014 @ 02:50 PM
link   


So, this happened

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.


NSA Said to Exploit Heartbleed Bug for Intelligence for Years

Seriously, what is up with these guys.
I am not sure which I find more disturbing though, the fact that they are acting like the SS of Nazi Germany, or that they are terrible at their job and get caught so often at what they do.

Anyhow...its time to at this point look at this agency, rip it apart, get some oversight by a citizens watch, and ask just what in the hell is going on with the security of this nation trashing the privacy of the people. I can understand a job necessity to try and keep the homeland safe from craziness, but I feel (note the word feel) that this is stepping over the bounds of security towards damaging the liberties we enjoy for the off chance they come across something.

I have no solutions of course...and if I was director of the NSA...I can certainly see the desire to use the exploit..but at what point has it gone too far towards the average citizen.

___
I did do a quick search for "heartbleed" and nothing relevant came up.
If this is in the wrong forum, please put it where it belongs



posted on Apr, 11 2014 @ 03:16 PM
link   
reply to post by SaturnFX
 


What are the chances the NSA didn't create and deploy Heartbleed in the first place?
This information that they exploited it might just be a "fire break" in the PR.



posted on Apr, 11 2014 @ 03:20 PM
link   
reply to post by SaturnFX
 


You mean the NSA did something bad?! Stop the presses!



-SAP-



posted on Apr, 11 2014 @ 03:20 PM
link   

SaturnFX
two people familiar with the matter said.


two people familiar with the matter. Hm, how can we be sure that this is not just yet another counter-Intel tactic from the Kremlin? See Operation INFEKTION.


edit on 11-4-2014 by swanne because: (no reason given)



posted on Apr, 11 2014 @ 03:21 PM
link   
Great example of how NSA practices actually make us less safe.

All of our passwords were compromised by this and thanks to the NSA figuring it out, and other governments having spy capabilities they likely knew too.

I wonder just how many cases of identity theft the NSA is responsible for due to just sitting on this bug.
edit on 11-4-2014 by Aazadan because: (no reason given)



posted on Apr, 11 2014 @ 03:24 PM
link   
reply to post by Aazadan
 


Another article meant to keep the people in a fear-and-hatred state of mind. Then when an "anti-fascist", "New Order" party will present itself, all of the population will blindly follow it.

The world is not runed by "white and black" politics. It's all shades of grey. There are alot of accusations but remember that if some guy accuses another guy, it doesn't make this guy a good guy.


edit on 11-4-2014 by swanne because: (no reason given)



posted on Apr, 11 2014 @ 03:56 PM
link   
Ah crap, I just authored a thread about this.

When I first searched there was only one HeartBleed thread, and it had nothing to do with the NSA knowledge. Sorry about that, you beat me to it, I will ask the Mods to close mine and I'll defer to yours.



posted on Apr, 11 2014 @ 03:57 PM
link   
Their job is not to protect YOU, so why should they?



posted on Apr, 11 2014 @ 04:06 PM
link   
reply to post by pookle
 


National Security Agency Central Security Service

GOAL 1: Succeeding in Today's Operations - Enable wise policymaking, effective national security action, and U.S. freedom of action in cyberspace by exploiting foreign use of electronic signals and systems and securing information systems used by the U.S. and its allies, while protecting privacy and civil liberties.


It is absolutely their first and foremost job.



posted on Apr, 11 2014 @ 04:07 PM
link   
The NSA/GCHQ won't touch bugs in open source code for obvious reasons in that it shows that they're looking, but if they did know for ages it means someone else finally read the source code well enough to spot the flaw so it became worthless or too valuable to allow to be exploited and its amazing how all the companies are able to sort it out so fast



posted on Apr, 11 2014 @ 04:12 PM
link   
Its good we are paying this organization millions upon millions to make us not at all safer online.

Wait...why do these people get a paycheck again?



posted on Apr, 11 2014 @ 04:16 PM
link   

OatDelphi
reply to post by pookle
 


National Security Agency Central Security Service

GOAL 1: Succeeding in Today's Operations - Enable wise policymaking, effective national security action, and U.S. freedom of action in cyberspace by exploiting foreign use of electronic signals and systems and securing information systems used by the U.S. and its allies, while protecting privacy and civil liberties.


It is absolutely their first and foremost job.



Securing information systems used by the U.S. and its allies, while protecting privacy and civil liberties.

Used by the US (probably meaning US government), allies (again probably meaning the allied governments) protecting privacy (theirs) and civil liberties (ensuring open access to communications so they can monitor it more easily).



posted on Apr, 11 2014 @ 04:29 PM
link   
reply to post by SaturnFX
 


Completely agree...

It's one thing, and maybe even justifiable(not IMO though) to collect ridiculous amounts of data.

However it is not justifiable to leave a gaping hole that they knew was there, wide open. They chose to let the whole world be attacked by hackers so that they themselves could carry on with their own agenda.

This in my book is the final straw; because they specifically failed to follow their government mandated directives. There is no defense, no reasoning, and no excuse that can explain away why this was done. They can't spin this into the "war on terror". This was an outright attack on the taxpayers.

heartbleed.com...


The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.


edit on 11-4-2014 by OatDelphi because: added content



posted on Apr, 11 2014 @ 04:36 PM
link   
reply to post by SaturnFX
 


I don't think that they're bad at their job. I believe that things like this are a distraction from deeper things that they are involved in.



posted on Apr, 11 2014 @ 05:20 PM
link   
Don't go about changing any of your passwords on sites using SSL without first checking to see that the site has a current and/or HeartBleed secure version of SSL in place...

You can do that at (www.LastPass.com/heartbleed)



posted on Apr, 11 2014 @ 05:31 PM
link   

OatDelphi
Don't go about changing any of your passwords on sites using SSL without first checking to see that the site has a current and/or HeartBleed secure version of SSL in place...

You can do that at (www.LastPass.com/heartbleed)







And how does one check?


You do realise who controls the CA's (Certificate Authorities) right? They have access to the keys of the kingdom.

Not to mention the recent RSA scandal and RSA keys.


edit on 11-4-2014 by pookle because: (no reason given)



posted on Apr, 11 2014 @ 05:46 PM
link   

SaturnFX

Seriously, what is up with these guys.
I am not sure which I find more disturbing though, the fact that they are acting like the SS of Nazi Germany, or that they are terrible at their job and get caught so often


It is my pet theory that this a the trick. They are getting "caught" but not really, right? Is anyone going to jail or lose their office? Spying and profiling keeps happening and it is increasing. They only thing that comes of these discoveries is the people hear about it.

Corruption is no longer a problem, it is a fact of life. Deal with it any way you will. Before it became a fact of life it went through all the same debates spying is going through. Nobody will ever agree with spying but eventually we will just get fed up and it will become a fact of life.

Protesting it just plays into the profiling and it is a "special" designation.



posted on Apr, 11 2014 @ 05:51 PM
link   
reply to post by pookle
 


You may be right...

But considering the EU recently shot down meta-data collection, I personally feel safe using any affiliate/partners of ETSI to verify current SSL security.



posted on Apr, 11 2014 @ 05:59 PM
link   

OatDelphi
reply to post by pookle
 


You may be right...

But considering the EU recently shot down meta-data collection, I personally feel safe using any affiliate/partners of ETSI to verify current SSL security.



And they immediately laucnhed a counter to the stopped meta-colleciton.

They will NOT be stopped, all we can do is make them work for their money.

I have ZERO faith in SSL due to 1) it's flaws and 2) them having access to the CA's.

All you are doing is transferring your trust to somebody you don't have control over, the CA's.

RSA has had their keys compromised for a LONG time, same for CA's.

You have to roll your own end to end, you can start by using gnuPGP and Truecrypt and assume everything else is unsecure.

if you don't want them to know about it, don't transmit it, use air gaps, ie., USB dongles only for transferring or something, at the very least, wrap it in something more secure.

The only way you can prevent them knowing, is not telling, anybody. The rest is just to protect against joe blow et al. Not the government et al.

They got access to the pipes, backgones, CA's, RSA keys, major sites et al.

You honestly think they're gona stop? Not in a million years. Back when Mozilla Netscape was out, in the 90's, I had my web pages hit by the CIA back then, how did I know? I logged them (It was a site outside the US). They were ramping up their monitoring back then and before. This was back in HTML 0.x 1.0 days.


edit on 11-4-2014 by pookle because: (no reason given)



posted on Apr, 11 2014 @ 06:35 PM
link   
reply to post by pookle
 

No I don't think they will stop. And to be honest, I don't disagree with anything you are saying. But having said that it's the Joe Blows that I am worried about.

I don't have anything to hide from the Gov't. If they want to waste taxpayers dollars looking into my life it will be a short and boring report. What I do have to worry about though, is the small timers taking my S.S.# from sites like TurboTax, my bank acct #'s, or my credit card info from one of many online retailers I prefer to use.

Short of complaining to my congressman there really isn't anything I can do about ABC agencies just like you stated. But there are steps (even if they are minimal) that I can take to protect my wallet and identity from common thieves. And since my own Gov't agency clearly doesn't seem willing to do their job and protect me, because they are too busy doing their own dirty work, I have to take these minimal-at-best steps to keep the Joe Blows out.



new topics

top topics



 
19
<<   2 >>

log in

join