Author Topic: The Obamacare security nightmare: It gets worse  (Read 884 times)


rangerrebew

  • Guest
The Obamacare security nightmare: It gets worse
« on: February 07, 2014, 12:00:26 pm »

The Obamacare Security Nightmare: It Gets Worse

Michelle Malkin — February 7, 2014
Fraudsters on the inside, hackers on the outside. Here we are, stuck in the middle with the security nightmare called Obamacare. Can it get any worse? Yes, it can.

After the spectacular website crashes during last fall’s federal-health-insurance-exchange rollout, enrollees will soon wish the entire system had stayed down and dead. “404 Error” messages and convicted-felon Obamacare navigators may be the least of our health-care tech problems now. The latest? U.S. intelligence agencies notified the Department of Health and Human Services last week that the HealthCare.gov infrastructure could be infected with malicious code.

Who’s responsible? Washington Free Beacon national-security reporter Bill Gertz writes that U.S. officials have “warned that programmers in Belarus, a former Soviet republic closely allied with Russia, were suspected” of possible sabotage. A government tech bureaucrat in the Belarusian regime bragged last summer on Russian radio that HHS is “one of our clients” and that “we are helping Obama complete his insurance reform.”

Gulp. When an authoritarian minion from the country known as “Europe’s last dictatorship” boasts about “helping” the Obama White House, be afraid. One of our intel people spelled it out for Gertz: “The U.S. Affordable Care Act software was written in part in Belarus by software developers under state control, and that makes the software a potential target for cyber attacks.”

No kidding. The friends of Vladimir Putin are not our friends. If you’ve been paying attention, you know that Belarus and other Eastern European hacking gangs have been at the center of several recent international cybercrimes. These aren’t merely schemes to steal credit-card numbers or vandalize websites with annoying graffiti. They’re acts of espionage and sabotage – like using malware in a phishing scheme aimed at White House employees to gather military intelligence and pilfer sensitive government documents.

It’s not just the federal health-care system’s problem. Former Obamacare website contractor CGI still holds dozens of contracts with other federal agencies and state governments worth billions of dollars – and wide access to health and financial data. In my state of Colorado, for example, CGI has a $78 million contract to “modernize, host and manage” the state’s financial system. Have they checked to see whether Belarus hackers are standing by?

For their part, Obamacare officials are making their usual “don’t worry about it, the problem’s under control” noises. But we already know the problem is far out of control. Last month, GOP oversight hearings exposed persistent failures by Obamacare overseers to fix security lapses.

Former most-wanted cybercriminal Kevin Mitnick concluded in a letter to Capitol Hill: “It’s shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise.” If the latest warnings from our intel agencies are any indication, it appears that Obamacare Keystone Kops didn’t just leave out security protections, but also may have allowed foreign programmers to write in cyber-traps.

David Kennedy, head of computer-security consulting firm TrustedSec LLC and a former cybersecurity official with the National Security Agency and the U.S. Marine Corps, warned that “HealthCare.gov is not secure today” and said nothing had changed since he gave Congress that assessment two months before. Among the vulnerabilities that the Obama administration still hasn’t fixed:

TrustedSec “identified the ability to enumerate user information (first, last, email, user id, profile, etc.) through one of the sub-sites that directly integrates into the healthcare.gov website.”

“Tens of thousands of user-based data appears to be vulnerable on the specified website and has not been addressed. There are a number of other exposures that have been reported privately that continue to expose users of the healthcare.gov website.”

Another exposure identified is “the ability to perform an open redirect.” In fact, “there are multiple open redirects still vulnerable on the healthcare.gov website and supporting sub-sites.” What this means is that “an attacker can send a targeted email to an individual that has signed up for healthcare.gov or is looking to and have it appear valid and legitimate and originate from the healthcare.gov website.” These can open avenues so that victims click on links “redirecting to a malicious website that hacks the computer and takes complete control over it.”

Out: “Got Covered?” In: “Got Hacked?”

http://www.aim.org/guest-column/the-obamacare-security-nightmare-it-gets-worse/
« Last Edit: February 07, 2014, 12:01:14 pm by rangerrebew »

Oceander

  • Guest
Re: The Obamacare security nightmare: It gets worse
« Reply #1 on: February 09, 2014, 04:42:47 pm »
Security measures should be written first, and made iron-clad, before the rest of any sensitive system is built.  In other words, security should form the skeleton on which the meat of the system depends, and not a mere gloss - fingernail polish - applied after the fact to such a system.

Offline Relic

Re: The Obamacare security nightmare: It gets worse
« Reply #2 on: February 10, 2014, 12:45:29 am »
The media doesn't care about this. Obamacare is a great thing, and you'll hear about it leading up to the election. Anyone hacked because of the healthcare.gov website will be ignored. We won't know the true toll of damage this thing causes.

Offline Chieftain

Re: The Obamacare security nightmare: It gets worse
« Reply #3 on: February 10, 2014, 01:00:37 am »
> Security measures should be written first, and made iron-clad, before the rest of any sensitive system is built.  In other words, security should form the skeleton on which the meat of the system depends, and not a mere gloss - fingernail polish - applied after the fact to such a system.

yah...woulda, coulda, shoulda....all of the things that ought to have been done beforehand.  As I understand this particular threat, the issue is that HHS isn't smart enough about code to know if there was some kind of back door built into this or not.

What a deal!


Oceander

  • Guest
Re: The Obamacare security nightmare: It gets worse
« Reply #4 on: February 10, 2014, 01:38:22 am »
> yah...woulda, coulda, shoulda....all of the things that ought to have been done beforehand.  As I understand this particular threat, the issue is that HHS isn't smart enough about code to know if there was some kind of back door built into this or not.
>
> What a deal!

woulda coulda shoulda indeed.  One of the big problems with a back-door created by the original coders is that its operation is virtually impossible to detect because it's part of the original code, not an engrafting of malware from somewhere else, and so when it's functioning the software is simply doing what it's supposed to do as written.

Offline Bigun

Re: The Obamacare security nightmare: It gets worse
« Reply #5 on: February 10, 2014, 02:11:43 am »
Not a programmer so all I know is that you won't find me going anywhere near healthcare.gov!

Offline 240B

Re: The Obamacare security nightmare: It gets worse
« Reply #6 on: February 10, 2014, 02:42:01 am »
> Not a programmer so all I know is that you won't find me going anywhere near healthcare.gov!

I am a programmer and will never ever go to that site. I would rather deal with a Nigerian Prince than give all my information to Obama. (well, it is really kind of the same thing isn't it?)
 
Eventually they will send the SWAT team to my house and force me to enroll. Until then, I'm not going anywhere near it.