Topic: Heartbleed

7 chapters across the catalog

Tom Tatoe
Episode 715 31:49 - 37:07

NCCIC Operations, Cyber Incident Reporting, and Vulnerability Mitigation

The National Cybersecurity and Communications Integration Center (NCCIC) is described as the central interface for cyber threat mitigation. Secretary Jeh Johnson claims the agency handled 97,000 incident reports and issued 12,000 alerts in 2014. The segment mocks the agency's "house calls" to private companies and its role in mitigating vulnerabilities like Heartbleed and Shellshock.

Arming A-holes
Episode 667 1:51:22 - 1:59:03

Admiral Mike Rogers, NSA and Heartbleed Bug

NSA Director Admiral Mike Rogers claimed during a Stanford talk that the agency discovered the "Heartbleed" vulnerability and shared the patch with the private sector within 24 hours. This contradicts the public narrative that Google researcher Neel Mehta discovered the bug. The hosts suggest the NSA allowed Google to take credit to maintain a "fundamentally strong internet" while hiding the agency's involvement.

Johnson's Johnson, Jump!
Episode 609 2:35:16 - 2:38:40

Heartbleed Bug Branding and Canadian Arrest

The "Heartbleed" security bug was branded with a professional logo by the security firm Codenomicon, which the hosts claim was plagiarized from the artist Danger Mouse. They also question how Canadian police were able to arrest a 19-year-old for exploiting the bug if the vulnerability supposedly leaves no logs or traces.

Cli-Fi®
Episode 608 29:05 - 34:02

Bloomberg NSA Heartbleed Report, Michael Reilly, Zero-Day Exploits

Bloomberg News reported that the NSA was aware of the Heartbleed bug for at least two years and exploited it for intelligence gathering. The NSA and the White House issued rare, flat denials, stating their policy is to disclose major vulnerabilities to the public. The hosts analyze the conflicting reports, questioning why the NSA would need such a bug given their existing surveillance capabilities.

Cli-Fi®
Episode 608 34:02 - 44:27

Codenomicon, Google, Heartbleed Discovery Timeline

The discovery of the Heartbleed bug by security firm Codenomicon and Google researcher Neel Mehta is scrutinized for its suspicious timing and connections to government spooks. Howard A. Schmidt, a former White House cybersecurity coordinator, serves as the chairman of Codenomicon, while Mehta has ties to the Freedom of the Press Foundation. The hosts question the "coincidental" simultaneous discovery of a two-year-old bug by two separate entities.

Cli-Fi®
Episode 608 44:28 - 53:13

Al Jazeera Heartbleed Coverage, Alicia Hutnick, Professional Spin

Attorney Alicia Hutnick appeared on Al Jazeera to discuss the Heartbleed bug, providing what the hosts characterize as professional spin and technically inaccurate information. Hutnick claimed the bug left no "breadcrumbs" and downplayed its impact on military infrastructure. The hosts argue that such media appearances are designed to run interference for the NSA and confuse the general public about data security.

Big Sandy
Episode 607 2:38:25 - 2:41:28

Intelligence Budget Transparency Act, Black Budgets, and Heartbleed

Congressman Peter Welch is promoting the "Intelligence Budget Transparency Act" to force the disclosure of the total dollar amounts spent by the 17 US intelligence agencies. The hosts discuss the "Heartbleed" bug in OpenSSL, questioning why the open-source community failed to catch a vulnerability that existed for two years. They suggest the NSA likely exploited the bug for years while ignoring its potential for domestic harm.