According to two anonymous sources who told Bloomberg, NSA didn't just know about the Heartbleed bug. They used it to gather intelligence. By now, we shouldn't be too shocked if this was real.
The spy agency has used a plethora of tricks to spy on everyone on the Internet in the past, but the NSA declined to comment on the Heartbleed issue. The Bloomberg report hits at a time when the agency is undergoing some intense scrutiny.
Heartbleed refers to a flaw in OpenSSL. A flaw in the coding was left unnoticed for years. Except by the NSA of course.
But Heartbleed is apparently not the only vulnerability the NSA's been exploiting. Bloomberg
reports:
Currently, the NSA has a trove of thousands of such vulnerabilities that can be used to breach some of the world's most sensitive computers, according to a person briefed on the matter. Intelligence chiefs have said the country's ability to spot terrorist threats and understand the intent of hostile leaders would be vastly diminished if their use were prohibited.
The NSA of course is saying that the reports are "wrong". [
Bloomberg,
Gizmodo]