While the Bloomberg report cited two unnamed sources, described as “people familiar with the matter,” the NSA denied the allegations late Friday in a post on the official Twitter account of the agency's public affairs office. The agency said: “Statement: NSA was not aware of the recently identified Heartbleed vulnerability until it was made public.” Bloomberg reported that the NSA exploited the Heartbleed bug to obtain vital data used by cyber-crooks. It said the clandestine agency discovered the flaw shortly after it was accidentally created in 2012 by an adjustment in the OpenSSL software, according to an unnamed source.
After that, Bloomberg said, the bug “became a basic part of the agency's tool kit for stealing account passwords” and other information, while most internet users and security experts remained unaware of the flaw.
news.com.au 12 Apr 2014