The biggest internet security breach in history can be credited to one man: Robin Seggelmann.
The 31-year-old Germany-based computer programmer is responsible for “Heartbleed,” the Internet bug that has compromised personal and Internet security worldwide.
“I was working on improving OpenSSL and submitted numerous bug fixes and added new features,” Seggelmann told the Sydney Morning Herald. “In one of the new features, unfortunately, I missed validating a variable containing a length.”
Put simply, it was an innocent coding error he overlooked.
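The missing length validation Seggelmann describes, as an added C example that is not OpenSSL's code: the record layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) follows the TLS heartbeat extension, RFC 6520, and the function names and both sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_PADDING = 16 };

/* Constructed samples: type, 2-byte big-endian payload length, payload, padding. */
static const uint8_t HONEST[23] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t LYING[20]  = {HB_REQUEST, 0x40, 0x00, 'x'}; /* claims 16384 */

/* Payload length as claimed by the sender; not yet trustworthy. */
static size_t hb_claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Bytes past the received record that a copy trusting the claim would read. */
size_t hb_overread_if_unchecked(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER) return 0;
    size_t claimed = hb_claimed_len(rec), present = rec_len - HB_HEADER;
    return claimed > present ? claimed - present : 0;
}

/* Echo a request into out; returns the response length, or 0 if discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t payload = hb_claimed_len(rec);
    size_t total = HB_HEADER + payload + HB_PADDING;
    /* The validation that was missing: the claim must fit the bytes received. */
    if (total > rec_len || total > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, payload);
    memset(out + HB_HEADER + payload, 0, HB_PADDING); /* zeros stand in for random padding */
    return total;
}

int main(void) {
    uint8_t out[64];
    printf("honest: %zu-byte response\n",
           hb_build_response(HONEST, sizeof HONEST, out, sizeof out));
    printf("lying: %zu-byte response, %zu bytes over-read if unchecked\n",
           hb_build_response(LYING, sizeof LYING, out, sizeof out),
           hb_overread_if_unchecked(LYING, sizeof LYING));
    return 0;
}
```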
The code that introduced the bug was written by Seggelmann on New Year’s Eve 2011 at 10:59 p.m.
The site Linuxtag.org features an entry for Robin Seggelmann. A section titled ‘Data Sheet’ reads:
A day is perfect for me, if …
… a problem has been solved.
It really annoys me, when …
… a bug was fixed after hours and hours of trouble shooting, only to stumble upon the next bug.
Even UK OpenSSL consultant Dr. Stephen Henson managed to overlook the error upon review.
Seggelmann claims that the error was unintentional, telling Fairfax Media, “It’s tempting to assume that, after the disclosure of the spying activities of the NSA and other agencies, but in this case it was a simple programming error in a new feature, which unfortunately occurred in a security-relevant area.”
“It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project,” he added.
Seggelmann is a contributor to the Internet Engineering Task Force (IETF), a not-for-profit organization dedicated to making the Internet work better. A year after creating the bug, he submitted his PhD thesis, “Strategies to Secure End-to-End Communication,” to the University of Duisburg-Essen.
OpenSSL is an open set of libraries used for encryption on the Internet. This means that the OpenSSL project is open to contributions from others. It is a small company run by 13 volunteers and is considered to be one of the Internet’s most important sources. And because no one owns the code, no one is liable, says the Sydney Morning Herald.
Dr. Michael Tuexen supervised Seggelmann’s thesis, and came to his defence. He told Fairfax Media: “Please note that he initially also fixed several bugs in the OpenSSL. Most of the submitted patches were finally accepted by the project. So adding the feature was not his first patch. Unfortunately, this patch contained the bug.”
Seggelmann has worked as a solution architect for T-Systems, the IT services subsidiary of Deutsche Telekom and one of Germany’s largest consultant agencies.