Lavabit case undermines claims NSA had Heartbleed early

Lavabit case undermines claims NSA had Heartbleed early

Summary: If the NSA really did have Heartbleed "for years" as was claimed recently by Bloomberg news, they wouldn't need to go after Lavabit. They wouldn't even want to.


When I first read the claims by Bloomberg News that the NSA had access to the Heartbleed bug "for years" I was immediately suspicious. It had only been two years since the code had been released as part of OpenSSL. Yes, the NSA might have had it from earlier builds but it all sounded fishy, not least because it would have made them way more knowledgeable than they appear to be.

Today I feel even more confident in my skepticism having been reminded of the case of Lavabit, which was served a subpoena for its SSL keys when the government found out it was Edward Snowden's email service. Lavabit refused, was fined and ordered to produce the keys, but didn't do so until they shut down their service. Today they just lost their appeal to the Fourth Circuit Court of Appeals for reasons unrelated to technology or even the arguments they made on appeal, but basically for bad lawyering.

If the NSA already had Heartbleed they wouldn't need Lavabit's cooperation. They would have the keys and would be able to decrypt all Lavabit email. The government wouldn't want to cause any legal troubles for Lavabit but to allow it to continue functioning and its users to continue communicating, comfortable in their illusion of privacy.

Another suspicious point now is that none of the journalists with whom Snowden worked, the ones who have access to the data he dumped, have made this claim yet. This is surprising since it would be an order of magnitude more spectacular than any other claim they have made so far. In fact, it would make many of their other practices, which have caused so much controversy, unnecessary.

Because it's relevant, I should point out that this Ars Technica interview with Lavabit owner Lars Levison specifically states that he used OpenSSL for his cryptography.

I'm sure Bloomberg didn't make it up which means either their two anonymous sources were making it up or were mistaken. Either way it's pretty embarrassing.

The moral of the story, as I see it, is that you shouldn't assume that the NSA (or any other agency of government) is particularly omniscient or that it has powers beyond what is reasonable. They certainly want to be omniscient, but even their budget is inadequate to the task. Further proof of this is that we know that the security at Lavabit was, in fact, poor. They didn't even need Heartbleed to get at Lavabit, they just needed to look at it critically. How all-powerful can they really be?

Topics: Security, Government US

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Misconception of Heartbleed

    Author must have a misconception of how Heartbleed works. You don't just Heartbleed up a server and pick what you want to extract from it. It's based on luck. I'm more inclined to think that the NSA never got lucky enough with Lavabit to extract its SSL keys, got tired of not getting lucky, and just went through the courts. The NSA wanted the keys badly, and knew that relying on random chance wasn't going to cut it in this case. Besides, with the current administration, they could openly admit to hacking into every American's email and recording every American's phone calls and still not have any immediate repercussions.
    • It's not so hard if you have resources

      Within hours of putting up a Heartbleed challenge server two people had captured the keys. It's not luck, it's a matter of a high-volume of attempts overwhelming the odds
      • Integrity

        Larry, if you read my comments below, you should know you need to retract or correct this story.

        Unless you can prove both:
        1) That Lavabit was running a vulnerable version of openssl.
        2) They hadn't made any compile time changes such as disabling the heartbeat functionality via the -DOPENSSL_NO_HEARTBEATS compilation flag.

        ...then there is no evidence exonerating the NSA here. It is at least possible they knew about and were exploiting Heartbleed but were unable to use it to any effect against Lavabit.
        • Still no update to the story

          Is anyone there? Hello...
          • Irresponsible

            I guess you are just throwing random crap out on the internet with no regard for whether or not it is grounded in reality.

            I'd say that's poor journalism, but perhaps that is too much credit.
    • And they would have worked on it already

      Lavabit was famous as the sort of place an Edward Snowden or a terrorist would go for email, so the NSA would have worked on cracking their keys well in the past if they had Heartbleed "for years"
    • OK,

      That, and the fact that if the NSA finds anything useful through heartbleed, they would never use it directly to show everyone they are extracting info from an open SSL flaw

      They are not about to tip their hand and would instead go through the Court to get the info they already have but cannot use without incredible backlash

      I am inclined to believe that if the NSA finds anything useful through heartbleed, they pass that info along as an anonymous tip or as a protected informant
    • I don't think AnomalyTea understands how Heartbleed works.

      It has already been shown getting the keys is possible and luck favors, not the house, but the player.
  • Faulty reasoning

    Unless you know what version of openssl Lavabit was running, you can't say whether or not they were vulnerable to Heartbleed.

    Even Apple only avoided being vulnerable through dumb luck, as they are still using an old version of the library.
    • Also

      Even if they were running a vulnerable version, it's still possible they had the heartbeat functionality turned off. It's configurable through a compiler flag, and some people do actually compile their own software...

      So...Lavabit's situation says absolutely nothing about the NSA's access to Heartbleed.
  • faulty reasoning Mark II

    as OOBE points out, why tip your hand if you (NSA) are using HeartBleed?
    dem guys ain't dummies, regardless of agenda.
  • Why not read the article?

    Mr Seltzer, you state in you first paragraph "...I was immediately suspicious. It had only been two years since the code had been released as part of OpenSSL. Yes, the NSA might have had it from earlier builds but it all sounded fishy...".

    The first sentence of the article to which you kindly link: "The U.S. National Security Agency knew for at least two years...". Read a bit further, and you'll find "The Heartbleed flaw, introduced in early 2012...".

    Please read the article before writing about it. As for the gaping holes in your logic, I think they have been largely explained by previous commenters. Apart from the technical arguments about the NSA's capabilities vs. Lavabit's implementation, you have assumed that spies are generally about as dumb as planks - and that Edward Snowden got information about every program the NSA has run up to the day he flew to Hong Kong - or even later.

    Don't assume your readers know even less about your subject of choice than you, and don't assume that they can't click on links.
  • Perhaps...

    Perhaps the NSA didn't know about Heartbleed like you suggest.

    Or, perhaps they *did* know, but they chose not to use it? As others have suggested, you don't want to tip your hand for no good reason. I wrote my response before I read the other comments...drat...Ninja'd!

    Perhaps yet again they did know but they *couldn't* use it? Again, as other have suggested maybe the version of OpenSSL he used wasn't vulnerable for any multitude of reasons.

    If you're the NSA, you don't aim your best resources (something like heartbleed) and risk giving yourself and your resource away unless you're darn sure it's going to be worth it. Maybe it just wasn't worth it to use in this case, or they couldn't use it because he wasn't susceptable?

    Just becuase they didn't use this attack against Levison certainly does not equate to them not having known. I don't know if I'd say it even tips the scales in that direction IMHO.