The Obama administration is denying that the National Security Agency or any other part of the government knew about a flaw in the way that many websites send sensitive information, known as the Heartbleed bug, before it was discovered earlier this month.
“Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong,” White House National Security Council spokeswoman Caitlin Hayden said in a statement released late Friday afternoon.
The federal government, she said, was not aware of the recently identified vulnerability, one of the biggest Internet bugs affecting the basic security of a large swath of the world's websites.
“This administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet,” she said. “If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.”
OpenSSL is a piece of free software created in the mid-1990s that most companies and governments still use.
Hayden's statement directly conflicts with a Bloomberg report posted earlier Friday afternoon that contends that the NSA knew about Heartbleed for at least two years and regularly used it to gather critical intelligence. The report cites “two people familiar with the matter.”