The National Security Agency flatly denied Friday a report that it has been aware for years of the Heartbleed computer glitch wreaking havoc on computer security around the world.
“NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report. Reports that say otherwise are wrong,” NSA spokesperson Vanee’ Vines told TIME.
Earlier Friday, Bloomberg News published a report citing two anonymous sources alleging that the eavesdropping agency was aware of the Heartbleed glitch for at least two years before it was made public. Heartbleed is widely seen as one of the most significant computer security flaws in the history of the Internet and the NSA drew fierce criticism over the allegation that it failed to report the existence of the flaw and instead exploited it for spying ends.
“The NSA’s purpose is to protect Americans,” said PATRIOT Act author Rep. Jim Sensenbrenner (R—Wisc.). “But if media reports are accurate, rather than fixing the Heartbleed bug, the NSA exploited it to gather information, leaving Americans vulnerable to cyber-attacks. Once again, the NSA proved blind to the interests of every day Americans in its single-minded pursuit of information.”
The National Security Council also issued a public denial Friday that the NSA had prior knowledge of Heartbleed. “Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong,” NSC said in a statement.
More Must-Reads from TIME
- Donald Trump Is TIME's 2024 Person of the Year
- Why We Chose Trump as Person of the Year
- Is Intermittent Fasting Good or Bad for You?
- The 100 Must-Read Books of 2024
- The 20 Best Christmas TV Episodes
- Column: If Optimism Feels Ridiculous Now, Try Hope
- The Future of Climate Action Is Trade Policy
- Merle Bombardieri Is Helping People Make the Baby Decision
Contact us at letters@time.com