Healthcare.gov cybersecurity codename should have been “Swiss Cheese”

The House Science, Space, and Technology Committee held a hearing yesterday on the cyber security of the healthcare.gov website. The prepared testimony is available on the Committee’s website.

The testimony of so-called “white hat hacker” David Kennedy reflected the findings in a report from TrustedSEC, LLC (full report embedded at bottom of post) which concluded:

What this analysis shows us is that as an attacker, there are known exposures in the healthcare.gov website today that could lead to significant compromise of the website and information. Additionally, the website is integrated into multiple agencies including some of the largest collections of United States citizen data – this includes the Internal Revenue Service (IRS) and other federal agencies.

Based on our evaluation of the website, we have serious concerns over the security of the website and the ability to protect information.

The testimony was featured on Greta:


ABC News further reports:

Cyber security experts told Congress today that the Obama administration should take Healthcare.gov offline until privacy vulnerabilities are addressed and detection capabilities are improved.

David Kennedy, a so-called “white hat hacker” who tests security flaws by hacking online systems to help identify weaknesses, warned that there are critical flaws and exposures “currently on the website that hackers could use to extract sensitive information.”

“The purpose of security isn’t to say, ‘Hey, we’re 100 percent impenetrable all the time,’ but can we detect the hackers in the very early stages of the life cycle of the attack, monitor that, and prevent the attacks from happening. And none of those are clearly being done on the Healthcare.gov website,” Kennedy said before the Science, Space and Technology Committee.

“Just by looking at the website, we can see that there is just fundamental security principles that are not being followed,” he said.

Kennedy demonstrated how hackers are attempting to exploit the website’s vulnerabilities to access personal information and testified that he believes the website has either already been subject to cyber attacks or will be hacked soon.

“We can actually enable their web cam, monitor their web cam, listen to their microphone, steal passwords,” he explained. “Anything that they do on their computer we now have full access to.”

Three of the four witnesses agreed that the Obama administration should take the site offline in order to address the security flaws.

“If you’re asking from a technology standpoint, it would be easier to start over again, lay a foundation of security and start from the beginning because security has to be the foundation of this site,” said Morgan Wright, CEO of Crowd Sourced Investigations, LLC.

The one dissenting witness, Dr. Avi Rubin, technical director of the Information Security Institute at Johns Hopkins University, called for a security review of the system “to establish whether there’s a deep infrastructural problem” with the website.

TrustedSec Analysis of Healthcare.gov Security 11-15-2013

Comments

Limburger would fit as well. It does have a pungent odor.

Holy Cyber Risk Batman!

I bet the Jokers are up to something, like paying for Christmas w/your data. Or, buying a new set of golf clubs or culling votes for 2014/16!

John McAfee’s apt and cheesy warning on Neil Cavuto’s show: “Obamacare is a hacker’s wet dream.”

http://youtu.be/5TCtLtzSe6I

In other news, large numbers of Nigerian princes have discovered they are eligible for Obamacare.

The solution may come via the private sector (twitter), from the private sector (sorta)

https://twitter.com/Official_SEA16/status/397110151292784640

2nd Ammendment Mother | November 20, 2013 at 10:52 am

You just have to shake your head…. mere mortals like Gates, Bezos and Zuckerberg would be sitting in Federal Prison for even contemplating some of this garbage.

Did the Obami kludge together a toxic website, full of security risks…????

Well, yeah. See, in the Obamabanana Republic, the middle class is just a target.

They don’t give a good crap about you or me.

And there is talk that this Swiss cheese site is in the same kitchen as other government private info. So it may pose a risk to other IRS data (for example), even beyond the info of people signing up.

They know the bridge is out, yet they still opened it, and still tell people to keep driving across.

“Pay no attention to those racist hateful Republicans that don’t like our 50% built, over budget union bridge. Sure, we’ve never built a bridge before, but we’re working 24/7 to fix it, so leave us alone while we work out the kinks.”

Welcome to Obama’s transformed America.

This website is brought to you by,

Marxist Utopians

Warning: This website exists in theory only; real world application may be hazardous.

It seems like a knee-jerk reaction to chalk this up to Obama’s inability to design a website…when the real issue here is cyber security, a topic that does not get nearly the airtime it deserves. I am sure there are plenty of private sector enterprises who have holes in their websites as well! I would encourage you to read how companies like OPSWAT are using multi-scanning to combat an ever-growing malicious cyber world.