Skip to comments.The Obamacare Security Nightmare: It Gets Worse
Posted on 02/05/2014 4:09:05 AM PST by Kaslin
Fraudsters on the inside, hackers on the outside. Here we are, stuck in the middle with the security nightmare called Obamacare. Can it get any worse? Yes, it can.
After the spectacular website crashes during last fall's federal health insurance exchange rollout, enrollees will soon wish the entire system had stayed down and dead. "404 Error" messages and convicted felon Obamacare navigators may be the least of our health care tech problems now. The latest? U.S. intelligence agencies notified the Department of Health and Human Services last week that the Healthcare.gov infrastructure could be infected with malicious code.
Who's responsible? Washington Free Beacon national security reporter Bill Gertz writes that U.S. officials have "warned that programmers in Belarus, a former Soviet republic closely allied with Russia, were suspected" of possible sabotage. A government tech bureaucrat in the Belarusian regime bragged last summer on Russian radio that HHS is "one of our clients" and that "we are helping Obama complete his insurance reform."
Gulp. When an authoritarian minion from the country known as "Europe's last dictatorship" boasts about "helping" the Obama White House, be afraid. One of our intel people spelled it out for Gertz: "The U.S. Affordable Care Act software was written in part in Belarus by software developers under state control, and that makes the software a potential target for cyber attacks."
No kidding. The friends of Vladimir Putin are not our friends. If you've been paying attention, you know that Belarus and other Eastern European hacking gangs have been at the center of several recent international cybercrimes. These aren't merely schemes to steal credit card numbers or vandalize websites with annoying graffiti. They're acts of espionage and sabotage -- like using malware in a phishing scheme aimed at White House employees to gather military intelligence and pilfer sensitive government documents.
It's not just the federal health care system's problem. Former Obamacare website contractor CGI still holds dozens of contracts with other federal agencies and state governments worth billions of dollars -- and wide access to health and financial data. In my state of Colorado, for example, CGI has a $78 million contract to "modernize, host and manage" the state's financial system. Have they checked to see whether Belarus hackers are standing by?
For their part, Obamacare officials are making their usual "don't worry about it, the problem's under control" noises. But we already know the problem is far out of control. Last month, GOP oversight hearings exposed persistent failures by Obamacare overseers to fix security lapses.
Former most-wanted cybercriminal Kevin Mitnick concluded in a letter to Capitol Hill: "It's shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise." If the latest warnings from our intel agencies are any indication, it appears that Obamacare Keystone Kops didn't just leave out security protections, but also may have allowed foreign programmers to write in cyber-traps.
David Kennedy, head of computer security consulting firm TrustedSec LLC and a former cybersecurity official with the National Security Agency and the U.S. Marine Corps, warned that "Healthcare.gov is not secure today" and said nothing had changed since he gave Congress that assessment three months before. Among the vulnerabilities that the Obama administration still hasn't fixed:
--TrustedSec "identified the ability to enumerate user information (first, last, email, user id, profile, etc.) through one of the sub-sites that directly integrates into the healthcare.gov website."
--"Tens of thousands of user-based data appears to be vulnerable on the specified website and has not been addressed. There are a number of other exposures that have been reported privately that continue to expose users of the healthcare.gov website."
--Another exposure identified is "the ability to perform an open redirect." In fact, "there are multiple open redirects still vulnerable on the healthcare.gov website and supporting sub-sites." What this means is that "an attacker can send a targeted email to an individual that has signed up for healthcare.gov or is looking to and have it appear valid and legitimate and originate from the healthcare.gov website." These can open avenues so that victims click on links "redirecting to a malicious website that hacks the computer and takes complete control over it."
Out: "Got Covered?" In: "Got Hacked?"
“This is my last election. After my election I have more flexibility.”
I remember that and I knew right then that he was planning to steal the election
“written in part in Belarus by software developers under state control”
If true, just another reason Obama needs to be impeached and imprisoned. Why Not AMERICAN. Why all the foreign labor force. Maybe this is another friend of Mooschel.
Since yesterday afternoon, Google chrome suffers from an open redirect such that everytime i click on a Free Republic article, an add pops up, a big ad covering half the screen.
I have carefully reviewed all the programs but can’t find a new one. I also can’t find anything on google chrome to delete to get rid of it.
Although I carefully checked before loading, I think it came in with new soft ware that converts a .jpg to .pdf
Sorry, but this would be one of the least reasons to impeach him and would be laughed out. There are over 100 reasons to impeach him but this is not one of them
Can you restore to a date earlier than the suspected incursion point?
LOL...you’re right... I Know...but I’m looking for ANY reason. This idiot is killing this country.
The article is vague, but my guess is we are not talking about outside “hacking”, but back doors for criminal access to identity and financial data, deliberately integrated into the original code by CGI subcontractors in Belarus. Likely, the US taxpayers/lenders indirectly PAID them for the privilege. The whole massive software package cannot be trusted or redeemed without line by line review. This is potentially an enormous issue, yet a four-hour traffic snarl in NJ dominates the news.
Our able Congress (s/) needs to investigate security policies regarding who was allowed to author code for the website (and any related software the public doesn’t know about), how well this was policed, the identity of every software engineer involved, and the extent of CGI’s financial responsibility for the consequences.
DIMs/LIBs “in charge”. Bwaaaaaaahahahahahahahahahahahahahahaha. These bums should be in prison for their many, many crimes.
...And they let the little islamist destroy America. The End.
How about putting every member of the Regime and Congress private info in Healthcare.Gov and see how well it works for them relative to identity fraud and if their information getting stolen by thieves within the first half hour??
Nut-job Conspiracy Theory Ping!
To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...
Yes, there's no need to hack if you're already inside kicked back in the Lazy Boy and snacking on Cheetos. But, hey, out sourcing is a good thing, right? I mean, we outsourced our POTUS and look how that's worked out.
always good to have those foreign malware experts doing jobs Americans won’t do
“These bums should be in prison for their many, many crimes.”
Cleaning the national cesspit might require a Million Guillotine March.