This is a fundamentally different situation than a backdoor in a parameterized encryption standard, such as ECDSA (which is often referenced in these discussions): there, only the people who built the backdoor can use the backdoor. Here, the backdoor exists in a shared resource, waiting for others--including your enemies--to take advantage of; that's quite a risk, and unless you've been seeing some weird behavior--such as the NSA distributing heartbeat-disabled builds of OpenSSL for any potential government usage--I think it is a horrible stretch to believe that they've been sitting on this bug (or even having themselves planted the bug), using it as the long-term surveillance means that some people seem to want to believe.
Frankly, the fact that they've been logging SSL traffic is enough: for systems without perfect forward security, if they don't already have the keys through other means, they just wait for an opportunity like yesterday and then attempt to quickly get the keys they want. I would almost go so far as to claim the NSA was being negligent in their strategy (not that I like this strategy, mind you) if they didn't follow through to that point. But I just don't see it as being rational to believe the NSA is willing to make our own country's secrets less secure if they are seeing benefits using the bug against others; if anything, I could see them trying to secretly (so as not to tip their hand as having had any advanced notice) fix the bug (after using it for a short time period to pull a bunch of keys, of course ;P).
It's the same methods as in 1940, that is, classic intel methods.
Security does not just mean strong crypto algorithms.
If you find your enemy has found a flaw in openssl or some other methods which you are using to communicate - the best way forward is to continue using that - keep the enemy thinking it's all good information when it's in fact worthless, and move to another method for the real secure stuff, such as steganography or pigeons.
Anyway, there probably isn't much "really highly, this kills the cat"-type of information going on the internets, I guess one point of NSA would also be to keep highly classified information to a minimum. Think that's one reason why Navy and others have their own networks parallel to the internet. Where much secrets flow - isolate.
Say, for example, china wants to spy on a military contractor. Unless the NSA is sharing its secure pigeon network with every US defense contractor (and many of them, large and small) some pretty important US national security assets might be in play. So, perhaps not "state secrets" but things like technology inside of some tactical weapons guidance systems, or similar. The downside for the NSA of sharing any secret-pigeon networks would be that op-sec goes down as info dispersal goes up.
* Also for companies like a tesla or a space-x who may have purely industrial know how.
Now, would a large state actor involved in offensive black hat hacking have known of heartbleed? I think the answer is likely yes.
Any decently funded team with a dozen good auditors to commit to the project would be watching popular open source projects like openssl, linux, chromium, firefox, apache, nginx, gnupg, openssh, boost, gmp, berkeley db, qt, gtk, etc.
For this part of the project, you only have to grep for low hanging fruit in each new patch that is released for each project, that is usage of: gets, scanf, strncpy, strncat, memcpy etc (or the equivalents for each project that has wrappers or handling functions).
Any large state actor with any decent team running such a project would have discovered heartbleed within days of it being committed. They also would have discovered a lot of other bugs that we either don't know about yet or have fixed.
With heartbleed the state actors are kicking themselves either way: either because they didn't know about the bug and missed it, or they did know about the bug and now can no longer use it as effectively.
"They" (and you can include black hat groups that don't disclose in this as well) combined likely have more resources dedicated to uncovering these bugs than what the open community does, and it might be an order of magnitude larger.
When you think about this further, you realize that the state actors having discovered heartbleed or not doesn't matter - what does matter is that they do have a lot of exploits that we don't know about and it has been confirmed that they are not only looking for these bugs and have a lot of people working on it, but are actively discovering them, using them and purchasing them on the market.
The response to this shouldn't be heartbleed specific - it should be what do "we" do to stop "them" from discovering and using exploits from open source projects. There needs to be a heck of a lot more effort or a whole new approach to defeat the level of resources that are out there dedicated to uncovering and not disclosing these exploits.
The best thing that could have happened did happen: heartbleed was discovered and it was disclosed, and a hell of a lot of people are now more aware of just how frail some of this infrastructure is and what the risks are.
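The comment above describes auditing each new patch for calls to length-unsafe C functions. The same idea is useful on the defending side as a cheap pre-merge check, so here is an added example (not code from the thread or from OpenSSL) that walks a unified diff and reports added lines calling functions from a review watch-list, with line numbers in the new file. The watch-list, its reasons, the file name `src/record.c` and the sample patch are all constructed for this illustration; a real project would extend the list with its own wrapper functions.

```python
import re
from typing import Dict, List, Tuple

# Watch-list of C calls that deserve a second look in review. Constructed for this
# example; the reasons are the usual review prompts, not findings about any project.
RISKY_CALLS: Dict[str, str] = {
    "gets": "unbounded read into a fixed buffer",
    "scanf": "%s conversion is unbounded unless a width is given",
    "sprintf": "no length bound on the output buffer",
    "strcpy": "no length bound; copies until NUL",
    "strcat": "no length bound; appends until NUL",
    "strncpy": "may leave the result without a terminating NUL",
    "strncat": "size argument is remaining space, not total buffer size",
    "memcpy": "check the length is validated against both source and destination",
}

# Word boundaries keep fgets() and my_memcpy() from matching gets() and memcpy().
CALL_RE = re.compile(r"\b(" + "|".join(map(re.escape, RISKY_CALLS)) + r")\s*\(")
# Unified-diff hunk header: capture the starting line number of the new file.
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

Finding = Tuple[str, int, str, str]  # (file, new-file line, function, reason)


def scan_patch(patch: str) -> List[Finding]:
    """Report watch-listed calls on added ('+') lines of a unified diff."""
    findings: List[Finding] = []
    current_file = "<unknown>"
    new_line = 0  # line number in the post-patch file of the next line seen
    for raw in patch.splitlines():
        if raw.startswith("+++ "):
            # "+++ b/path" or "+++ path<TAB>date": keep only the path.
            current_file = raw[4:].split("\t")[0]
            if current_file.startswith("b/"):
                current_file = current_file[2:]
            continue
        if raw.startswith("--- ") or raw.startswith("diff ") or raw.startswith("\\"):
            continue  # old-file header, git header, or "\ No newline at end of file"
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))
            continue
        if raw.startswith("-"):
            continue  # removed line: does not advance new-file numbering
        if raw.startswith("+"):
            code = raw[1:]
            stripped = code.lstrip()
            # Skip obvious comment-only lines; a real tool would use a C tokenizer.
            if not (stripped.startswith("//") or stripped.startswith("*") or stripped.startswith("/*")):
                for cm in CALL_RE.finditer(code):
                    fn = cm.group(1)
                    findings.append((current_file, new_line, fn, RISKY_CALLS[fn]))
        new_line += 1  # added and context lines both exist in the new file
    return findings


def format_findings(findings: List[Finding]) -> str:
    """One grep-style line per finding for a CI log."""
    return "\n".join(f"{f}:{n}: {fn}() - {why}" for f, n, fn, why in findings)


# Constructed sample patch: a record handler that copies a caller-supplied length
# without checking it against the record actually received.
SAMPLE_PATCH = """\
diff --git a/src/record.c b/src/record.c
--- a/src/record.c
+++ b/src/record.c
@@ -10,3 +10,6 @@
 int process_record(unsigned char *p, unsigned int payload)
 {
+    unsigned char buf[64];
+    memcpy(buf, p, payload);
+    strcpy(label, (char *)p);
 }
"""

if __name__ == "__main__":
    print(format_findings(scan_patch(SAMPLE_PATCH)))
```

Run as a pre-commit or CI step over `git diff` output, the scanner turns the grep described above into a reviewable list: for the constructed patch it reports `memcpy()` on line 13 and `strcpy()` on line 14 of the new file, which is exactly where a reviewer would ask how `payload` is bounded.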
If the NSA has not, they're incompetent.
Has the NSA ever used a 0day to access a machine they were interested in?
Are the people that work for the NSA likely to be smart enough to realise the NSA's upside in finding security flaws and not telling people about them?
Will the NSA have ever done a security review of popular opensource libraries?
I'm not begging the question. What we know is incomplete. However, answer those questions yourself and then imagine how you might answer those questions if you were rich, liked playing dirty, full of smart people, and in a position of power. That's as good a bet as any on what might have been going on.
My two cents: all that is needed is a small crack in security. I wouldn't bet on the internet being secure, because men and women are fallible and security is complex.
Yeah, having to collect and process all that random data... I'm sure they gave up after a couple weeks.
Can you imagine those guys doing anything remotely evil, like extracting metadata and data of anything they could get their hands on?
Then when their honeypots attract a lot of bees, it's time to tell Google to seal the hole, to protect all the medium sensitivity networks and info.
Disclaimer: All characters and events appearing in my comment are fictitious. Any resemblance to real events or persons, living or dead, is purely coincidental.