The Heartbleed bug: Insecurity repackaged, rebranded and resold

Abstract

The emergence of a post-industrial information economy shaped by and around networked communication technology has presented new opportunities for identity theft. In particular, the accidental leakage or deliberate harvesting of information, via either hacking or social engineering, is an omnipresent threat to a large number of commercial organisations and state agencies who manage digital databases and sociotechnical forms of data. Throughout the twenty-first century the global media have reported on a series of data breaches, fuelling anxiety among the public concerning the safety and security of their personal and financial data. With concern outpacing reliable information, a reassurance gap has emerged between the public’s expectations and the state’s ability to provide safety and security online. This disparity presents a significant opportunity for a commercial computer crime control industry that has sought to position itself as being able to offer consumer citizens the antidotes for such ills. This paper considers how neoliberal discourses of cybercrime control are packaged, branded and sold, through an examination of the social construction of the Heartbleed bug. It demonstrates how security company Codenomicon masterfully communicated the vulnerability, the product of a simple coding error, through its name, a logo and an accompanying website, in turn shaping news coverage across the mainstream media and beyond.