LOL...NOT
The Obamacare Security Nightmare: It Gets Worse
Written By : Michelle Malkin
February 5, 2014
Fraudsters on the inside, hackers on the outside. Here we are, stuck in the middle with the security nightmare called Obamacare. Can it get any worse? Yes, it can.
After the spectacular website crashes during last fall’s federal health insurance exchange rollout, enrollees will soon wish the entire system had stayed down and dead. “404 Error” messages and convicted felon Obamacare navigators may be the least of our health care tech problems now. The latest? U.S. intelligence agencies notified the Department of Health and Human Services last week that the Healthcare.gov infrastructure could be infected with malicious code.
Who’s responsible? Washington Free Beacon national security reporter Bill Gertz writes that U.S. officials have “warned that programmers in Belarus, a former Soviet republic closely allied with Russia, were suspected” of possible sabotage. A government tech bureaucrat in the Belarusian regime bragged last summer on Russian radio that HHS is “one of our clients” and that “we are helping Obama complete his insurance reform.”
Gulp. When an authoritarian minion from the country known as “Europe’s last dictatorship” boasts about “helping” the Obama White House, be afraid. One of our intel people spelled it out for Gertz: “The U.S. Affordable Care Act software was written in part in Belarus by software developers under state control, and that makes the software a potential target for cyber attacks.”
No kidding. The friends of Vladimir Putin are not our friends. If you’ve been paying attention, you know that Belarus and other Eastern European hacking gangs have been at the center of several recent international cybercrimes. These aren’t merely schemes to steal credit card numbers or vandalize websites with annoying graffiti. They’re acts of espionage and sabotage — like using malware in a phishing scheme aimed at White House employees to gather military intelligence and pilfer sensitive government documents.
It’s not just the federal health care system’s problem. Former Obamacare website contractor CGI still holds dozens of contracts with other federal agencies and state governments worth billions of dollars — and wide access to health and financial data. In my state of Colorado, for example, CGI has a $78 million contract to “modernize, host and manage” the state’s financial system. Have they checked to see whether Belarus hackers are standing by?
For their part, Obamacare officials are making their usual “don’t worry about it, the problem’s under control” noises. But we already know the problem is far out of control. Last month, GOP oversight hearings exposed persistent failures by Obamacare overseers to fix security lapses.
Former most-wanted cybercriminal Kevin Mitnick concluded in a letter to Capitol Hill: “It’s shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise.” If the latest warnings from our intel agencies are any indication, it appears that Obamacare Keystone Kops didn’t just leave out security protections, but also may have allowed foreign programmers to write in cyber-traps.
David Kennedy, head of computer security consulting firm TrustedSec LLC and a former cybersecurity official with the National Security Agency and the U.S. Marine Corps, warned that “Healthcare.gov is not secure today” and said nothing had changed since he gave Congress that assessment three months before. Among the vulnerabilities that the Obama administration still hasn’t fixed:
–TrustedSec “identified the ability to enumerate user information (first, last, email, user id, profile, etc.) through one of the sub-sites that directly integrates into the healthcare.gov website.”
–”Tens of thousands of user-based data appears to be vulnerable on the specified website and has not been addressed. There are a number of other exposures that have been reported privately that continue to expose users of the healthcare.gov website.”
–Another exposure identified is “the ability to perform an open redirect.” In fact, “there are multiple open redirects still vulnerable on the healthcare.gov website and supporting sub-sites.” What this means is that “an attacker can send a targeted email to an individual that has signed up for healthcare.gov or is looking to and have it appear valid and legitimate and originate from the healthcare.gov website.” These can open avenues so that victims click on links “redirecting to a malicious website that hacks the computer and takes complete control over it.”
Out: “Got Covered?” In: “Got Hacked?”
Michelle Malkin is the author of “Culture of Corruption: Obama and his Team of Tax Cheats, Crooks and Cronies” (Regnery 2010). Her e-mail address is malkinblog@gmail.com.
- IIFFOFRDB
- 02-05-2014, 08:08 PM
- CuteOldGuy
- 02-05-2014, 10:16 PM
Does the US not have any programmers that can handle this? Why does Obama ship these these jobs overseas?
- flghtr65
- 02-05-2014, 11:37 PM
Does the US not have any programmers that can handle this? Why does Obama ship these these jobs overseas? Originally Posted by CuteOldGuyThe main I/T contractor for Healthcare.gov is CGI and they are from Canada. CGI was hired by the Bush administration. By rule a contractor already on-site can submit a bid for similar work. This is how CGI got the contract for Healthcare.gov. The Bush administration could not get anything right, this includes hiring foreign programmers. The contract for CGI ends on February 28th. Accenture has been hired and will take over March 1st.
- CuteOldGuy
- 02-05-2014, 11:53 PM
Typical. Obama does the same thing as W, but now it's ok. I guess Obama, the President of the United States was forced to use a prior W contractor on a TOTALLY UNRELATED BRAND NEW PROJECT. My mistake.
- Guest040616
- 02-06-2014, 12:30 AM
- gnadfly
- 02-06-2014, 06:22 AM
The main I/T contractor for Healthcare.gov is CGI and they are from Canada. CGI was hired by the Bush administration. By rule a contractor already on-site can submit a bid for similar work. This is how CGI got the contract for Healthcare.gov. The Bush administration could not get anything right, this includes hiring foreign programmers. The contract for CGI ends on February 28th. Accenture has been hired and will take over March 1st. Originally Posted by flghtr65CGI was hired by the Obama administration to construct the Obamacare system without a bid. A top official with CGI was a close classmate with Michelle Obama.
Blaming Bush on this is bullshit. All types of companies can be on the Federal approved vendor list.
Accenture has offices and "trusted" vendors all over the world also. Although they have a better reputation, they (Authur Anderson) crippled many companies during the SAP days. I expect the cost of the website to go thru the roof. Accenture's training center and conference center is in Chicago.
- IIFFOFRDB
- 02-06-2014, 11:32 AM
The main I/T contractor for Healthcare.gov is CGI and they are from Canada. CGI was hired by the Bush administration. By rule a contractor already on-site can submit a bid for similar work. This is how CGI got the contract for Healthcare.gov. The Bush administration could not get anything right, this includes hiring foreign programmers. The contract for CGI ends on February 28th. Accenture has been hired and will take over March 1st. Originally Posted by flghtr65
- LexusLover
- 02-06-2014, 12:05 PM
What did the Bush Administration hire CGI to do? And when?
- flghtr65
- 02-06-2014, 08:35 PM
What did the Bush Administration hire CGI to do? And when? Originally Posted by LexusLoverLexusLover, the Bush Adminstration hired CGI in 2007 to work do enhancements for Medicare and Medicaid. CGI was in the door long before Obama was elected. CGI was one of 16 I/T firms that were allowed to submit a bid for the work on Healthcare.Gov when that came up. See the link below about 10 paragraphs down.
Memo to Gladfly. Mrs Obama has nothing to do with CGI getting the contract for Healthcare.gov. CGI was on site long before Mrs Obama got to the White House.
CGI Federal's winning bid stretches back to 2007, when it was one of 16 companies to get certified on a $4 billion "indefinite delivery, indefinite quantity" contract for upgrading Medicare and Medicaid's systems. Government-Wide Acquisition Contracts — GWACs, as they're affectionately known — allow agencies to issue task orders to pre-vetted companies without going through the full procurement process, but also tend to lock out companies that didn't get on the bandwagon originally. According to USASpending.gov, CGI Federal got a total of $678 million for various services under the contract — including the $93.7 million Healthcare.gov job, which CGI Federal won over three other companies in late 2011.
http://www.washingtonpost.com/blogs/...ealthcare-gov/
- IIFFOFRDB
- 02-06-2014, 08:45 PM
^^^OaSTROTURF SPECIALIST^^^
- flghtr65
- 02-06-2014, 08:51 PM
- JD Barleycorn
- 02-07-2014, 12:19 AM
LexusLover, the Bush Adminstration hired CGI in 2007 to work do enhancements for Medicare and Medicaid. CGI was in the door long before Obama was elected. CGI was one of 16 I/T firms that were allowed to submit a bid for the work on Healthcare.Gov when that came up. See the link below about 10 paragraphs down.
Memo to Gladfly. Mrs Obama has nothing to do with CGI getting the contract for Healthcare.gov. CGI was on site long before Mrs Obama got to the White House.
CGI Federal's winning bid stretches back to 2007, when it was one of 16 companies to get certified on a $4 billion "indefinite delivery, indefinite quantity" contract for upgrading Medicare and Medicaid's systems. Government-Wide Acquisition Contracts — GWACs, as they're affectionately known — allow agencies to issue task orders to pre-vetted companies without going through the full procurement process, but also tend to lock out companies that didn't get on the bandwagon originally. According to USASpending.gov, CGI Federal got a total of $678 million for various services under the contract — including the $93.7 million Healthcare.gov job, which CGI Federal won over three other companies in late 2011.
http://www.washingtonpost.com/blogs/...ealthcare-gov/ Originally Posted by flghtr65
If what you say is completely true then can you not see the difference between a foreign government with strong ties to the US and a foreign country with a dictatorship that used to be part of the USSR? Can you tell the difference between a rooster and a cock? Won't want you putting the wrong thing in your mouth.
Hey! It tastes like dog....