Usually, the leaks on cryptome are credible. In 2007 an alledged NSA Ip table wa

1. Usually, the leaks on cryptome are credible. In 2007 an alledged NSA Ip table was posted there: http://cryptome.org/0001/nsa-ip-update14.htm
2.  
3. In 2014, somebody reported to be attacked from these IP's http://cryptome.org/2014/03/nsa-zologize.htm with a script called "Zologize" (which means collecting bugs and would fit to the earlier naming shemes of the nsa, with codenames such as "Feret-Cannon", "Fox-Acid" or "Flying Pig").
4.  
5. The Ip table on cryptome contains the following entry: ""193.0.0.0 - 193.255.255.255 (subranges are NSA-affiliated and/or NSA fully-controlled)""
6.  
7. And in this range are exactly the IPs 193.104.110.12 and 193.104.110.20 that are now reported by the electronic frontier foundation as abusing the openssl heartbleed bug months before it became publicly known.
8.  
9. To all this, it fits that EFF reports these IPs as belonging to a botnet which was previously spying on freenode https://botmonitoring.github.io/
10.  
11. This is at least some hint that the nsa knew and abused this bug since months, giving them the ability to read 70% of all encrypted internet communication. It also can be seen as some hint indicating that the early Ip table on cryptome was correct.