By Casey Frye, CCNN Writer
Earlier this month, a Google researcher found a major flaw in basic Web communication security. The bug was named Heartbleed, and according to a new report, the National Security Agency (NSA) has been taking advantage of it for years.
One of the most popular Web communication securities software, Secure Sockets Layer (SSL), is used by at least two thirds of websites on the internet, including Gmail, Yahoo, and Amazon. As it turns out, the Heartbleed bug allows hackers to access the servers of these SSL-protected sites, which contain information like usernames, passwords, important documents, credit card numbers, bank accounts, and other sensitive information.
Though the flaw was barely exposed to the public last week, a new report says the NSA has known about it for quite a while. Instead of warning the public that their personal information was at high-risk, the agency decided to keep Heartbleed a secret, and exploit it to gather intelligence. Of course, the NSA denied the accusation completely claiming they only found out about the Heartbleed bug at the same time as the public. The agency also stated that if they did find the flaw, they would have immediately warned websites that use SSL protection. However, their past actions definitely work against them.
Just last year, former NSA contractor Edward Snowden leaked documents that exposed a secret NSA project to track personal phone records of unsuspecting citizens. If similar documents are released proving the NSA knew about Heartbleed, they could have lawsuits coming left and right. The scary part about this report is that if our government was able to find the flaw, there may be a chance other governments could, too. It’s definitely a possibility, since UK intelligence hacked into Yahoo webcams across the USA.