Government Denies It Knew About, Abused Heartbleed Bug

Tyler Durden's picture

And with this official denial we can be certain that Bloomberg's disgruntled NSA sources were right.

Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report. The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services. This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.


When Federal agencies discover a new vulnerability in commercial and open source software – a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.


In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.

Now if only the NSA can also release a fabricated YouTube clip proving it never knew about or abused any compromised network anywhere, then all will be promptly forgiven and forgotten.

Uncle Remus's picture

It's not even very good bullshit.

Future Jim's picture

<< I don't believe the US government in this case

<< I believe the US government in this case

McMolotov's picture

"Trust no one."

Everything I needed to know I learned from The X-Files.

(RIP Deep Throat.)

free_lunch's picture

When it is engineered it's called a feature!


edotabin's picture

IIRC it was an "undocumented feature"?

Confused's picture

The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report


So is this an admission that the NSA is NOT part of the Federal Government, and that they now operate on their own?


pods's picture

National Security or law enforcement need?
Since when have these people ever been able to differentiate between a want and a need?


Postal's picture

Same thing: If they want it, it automatically becomes a need.

midtowng's picture

The NSA wouldn't lie to us. Spies are known for their honesty.

intric8's picture

...said as they walk you into the FEMA detention facility, automatic weapons in hand

Kaiser Sousa's picture

"A leak of the major findings of a landmark Senate inquiry into the CIA’s post-9/11 torture of terrorism detainees led, on Friday, to intensified pressure on the White House and the CIA to release the inquiry speedily and with a minimum of redactions.

The classified study, prepared by the Senate select committee on intelligence, concluded that the CIA’s interrogations, secret detentions and outsourced torture sessions were “brutal, and far worse than the agency communicated to policymakers.”

The conclusion that the CIA provided inaccurate information to the Justice Department reflects the findings of a top-secret investigation of the program by the CIA Inspector General’s Office that was triggered by allegations of abuse.

The CIA inspector general’s May 7, 2004, report, which was declassified, found that in waterboarding Zubaydah and Khalid Sheikh Mohammad, deemed the chief architect of the 9/11 attacks, the CIA went beyond the parameters it outlined to the Justice Department’s Office of Legal Counsel, which wrote the legal opinions.

Zubaydah was waterboarded 83 times, while Mohammad underwent the procedure 183 times.

Those cases clashed with the CIA’s assertion, outlined in the now-declassified top-secret August 2002 Office of Legal Counsel opinion, that repetition of the methods “will not be substantial because the techniques generally lose their effectiveness after several repetitions.”

Read more here:
ragemachinest's picture

It's all in the last sentence, "Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities".

Future Jim's picture

<< I don't believe the US government in general

<< I believe the US government in general

Dick Buttkiss's picture

I repeat: "Everything the state says is a lie, and everything it has it has stolen." — Friedrich Nietzsche

Future Jim's picture

<< I don't believe the US media in general

<< I believe the US media in general

PacOps's picture

Sharyl Attkisson: When I'd Begin Getting Under Surface of an Obama Scandal, CBS Would Pull Me Off

"There is unprecedented, I believe, influence on the media, not just the news, but the images you see everywhere. By well-orchestrated and financed campaign of special interests, political interests and corporations. I think all of that comes into play."

TheGardener's picture

I'm a zero day exploit: I can read the human mind.

I'm a zero hedge exploit, I can guess where my own mind should be headed while consuming ZH.

And, hold onto your non hedged seats, I used to crack code.

But before I'm flooded with headhunters' requests: just my own and farts.

intric8's picture

A hearty hello to the NSA lurkers hanging out here. Please don't create a dossier on me.

post turtle saver's picture

Russia Denies It Knew About, Abused Heartbleed Bug

China Denies It Knew About, Abused Heartbleed Bug

India Denies It Knew About, Abused Heartbleed Bug

Japan Denies It Knew About, Abused Heartbleed Bug

Bulgaria Denies It Knew About, Abused Heartbleed Bug

Your Mom Denies It Knew About, Abused Heartbleed Bug

Tyler Denies He Beats His Wife

deeeeeeerrrrrrpp de derp

walküre's picture

Awesome. It pretty much shut down the Canadian government websites this week until further notice. Canucks can't file their taxes. Why does this not happen in the US for once and for all?

Canuckistan Al's picture

Well, that's one way to look at it..............

Perhaps it's also true that those who have not yet filed will not get their refund checks anytime soon either?

Confused's picture

According to Washington Post many people won't be getting their refunds in the US......Period.

walküre's picture

..and so it begins. How many months does it buy them? Enough to ride out until QE4 gets announced?

JLee2027's picture

".... the result of a single sentence tucked into the farm bill lifting the 10-year statute of limitations on old debts to Uncle Sam."

Exactly how child support debt collection started. A 1986 amendment by Bill Bradley stuck onto another bill that had nothing to do with it. An endless debt that never goes away until paid. Never talked about, debated or voted on directly, but has had horrific effects on American families and their children for decades. Tyranny...there is no other term for this.

These kinds of things must be forbidden when the Constitution is revised.


My proposed changes in the coming Convention of the States:

Clarifications and changes to the powers of the Legislative Branch.


(1) All members of Congress are required to fully read each Bill and all Amendments, in full view of Congress, before voting on them. Any member who fails to do so shall be subject to confirming investigation and permanently barred from public office by the Vice President or the Speaker of the House.

(2) Amendments to a subject Bill are limited to the scope of the Bill itself. One subject per Bill.

(3) Congress shall have no ability to exempt themselves from legislation.

(4) There shall be lifetime limits of 20 years service for the Senate and the House of Representatives.

(5) Federal Funding granted to any state is limited to 10% of that state's last budget minus previous funding.

(6) Taxation can only be applied to consumption, i.e. a national sales tax. This is a single tax and there can be no other tax. Congress controls only the tax percentage.

(7) Congress is a part-time job, limited to one meeting per Month over a weekend, outside of emergencies.

NOTaREALmerican's picture

I believe them.

If you can't trust the US government, who can you trust?

McMolotov's picture

"Believe nothing until it has been officially denied."

Ascend's picture

Do they think their power provides immunity from the laws of the universe?

icanhasbailout's picture

This is capital-T Treason.

Spumoni's picture

I smell sump'n funny 'round here...smells like...................buuuuuullshit.


Every American citizen strike beginning 14 November 2014. 

Spumoni's picture

Oh James, bring my Wellies...there's a good lad...and a noseclip!

WhiteWolf's picture

It will come to you and your last vote..I mean bullet.  MAKE IT COUNT RIGHT SQUARE IN THE FOREHEAD OF AN OR A AGENT OR SPOOK.

WhiteWolf's picture

Preferably AN IRS AGENT

Chuck Knoblauch's picture

Feigning incompetence when caught in a lie is the scumbag's textbook response.

cynicalskeptic's picture

Though government is notoriously incompetent, I noticed that they're actually VERY good at doing certain things when it is to their benefit. They're VERY good at blackmailing politicians and eliminating those who are not susceptible to such pressure.

'Feigning' incompetence is right because I really really doubt that there's a Sgt. Schultz level of "I know NOTHING...." at work with these guys.

firstdivision's picture

Until Snowden releases that slide

Doubleguns's picture

He becomes a bigger hero every day.

PT's picture

For those who need an explanation:

I've made similar mistakes myself. 

seek's picture

As have I. I've also submitted one-line kernel patches that have had probably 20 times more review than this did, so I think it's just a typical mistake that was missed by a woefully underfunded open source project.

Kind of ironic everyone is pissed about OpenSSL when you've got billion dollar companies using the software for free without having given it a single dime in funding or minute of their own developers' time and then being shocked that a bug got through review.

PT's picture

Mind you, when writing string checkers, you usually check the lengths before you bother to do anything else, and there's no reason to let the user tell you what those lengths are.

PT's picture

You know, machine code is easy, machine code is fun, but it can be reeeeeeeeallly difficult getting hold of the vital little bits of information that you need.

Throughout my life there have been many people who asked me, "Why would you want to re-invent the wheel?" and they would look at me accusingly and I would look at them and think they just don't get it.  I was too taken aback to tell them that problems occur when someone else's wheel is a chair castor or a bicycle wheel and what you actually want is a set of mags for your V8.  Right now I want to round up all those fuckers and say, "SEEEEEEEE!!!!!!!!!  YOU STUPID FUCKWIT!  THIS IS WHAT HAPPENS WHEN YOU BRAINLESSLY TRUST SOMEONE ELSE'S WHEEL!!!!!!!!"




Aaah, good to get that off my chest.  I might do it again some time.


comob's picture

Thank you for clearing that up Keith Alexander,

your integrity, just like your appointment, is unimpeachable.

pupdog1's picture

Backed by the full faith and credit of General Clapper.

Doubleguns's picture

That's right. He would not lie to us.


Clapper is just being more careful.