NSA Exploited Heartbleed for Years (and Weev, Greenwald/Poitras/NYC)

Surprising good news: Weev’s sentence reversed. Don’t pop that champagne until he actually walks out of jail. http://arstechnica.com/tech-policy/2014/04/appeals-court-reverses-hackertroll-weev-conviction-and-sentence/

Less surprising good news: Greenwald & Poitras show up in NYC, don’t get arrested. Hope they get out fast. Who’s guarding the docs in Rio & Berlin? http://arstechnica.com/tech-policy/2014/04/journalists-who-got-snowden-docs-arrive-in-us-for-first-time-in-months/

The NSA knew about Heartbleed almost as soon as it was introduced, and fully exploited the espionage potential of the bug, according to Bloomberg. The NSA (well, ODNI) denies this, but nobody believes them.

What were they doing? Researchers report a Heartbleed-armed botnet spent a few months in 2013 trying to log all the conversations on the Freenode IRC network — exactly the kind of thing a spy agency would do.[1]

The idea of the NSA sitting on such a bug has not gone over so well in the tech community. As Cloudflare’s CEO put it, “Hard as a tech company today to not feel like we’re at war with our own government.”[2]

This kind of dynamic (or at least the anticipation of it) is probably why there’s an odd social membrane between US spies and US companies. Describing it would take more than a few sentences, but the upshot is it keeps ‘civilians’, well, *completely clueless*… to the point of living in an entirely separate world… about the true capabilities of the spies. And it does so despite the notoriously “transparent” US culture.

Very remarkable effect, actually, worth some study in its own right. I suspect it caused the KGB tremendous grief and confusion during the Cold War.

