Hackers Break Into HealthCare.gov
mpicpp is one of many to point out that hackers broke into the HealthCare.gov website in July and uploaded malicious software. "Hackers silently infected a Healthcare.gov computer server this summer. But the malware didn't manage to steal anyone's data, federal officials say. On Thursday, the Health and Human Services Department, which manages the Obamacare website, explained what happened. And officials stressed that personal information was never at risk. 'Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted,' HHS spokesman Kevin Griffis said. But it was a close call, showing just how vulnerable computer systems can be. It all happened because of a series of mistakes. A computer server that routinely tests portions of the website wasn't properly set up. It was never supposed to be connected to the Internet — but someone had accidentally connected it anyway. That left it open to attack, and on July 8, malware slipped past the Obamacare security system, officials said."
The country's in the very best of hands.
If you like your private personal data, you can keep your private personal data private.
I'll believe that just like all the other Obamacare lies.
"the malware didn't manage to steal anyone's data, federal officials say."
Mostly because at the time, no one had yet been able to successfully complete the sign up process.
4chan is approaching AARP eligibility.
Is it just me, or does anyone seem to not really care about this (regarding the seriousness of 'getting hacked' that is)? For some reason, I'd like to see obamacare's 'computer servers' all get waxed. Maybe if that happens they won't have to deliberate further about the legality of requiring citizens to put such data on a 'computer server'.
Politics; n. : A religion whereby man is god.
How, in this day and age, does this kind of stupid shit keep happening? How are network admins not creating L2 & L3 separations in the network, with internal firewalls and IDS? How are operations engineers not building local firewalls on machines, and locking down through security policies?
This isn't 1994 any more people. Hand crafted individual artisanal servers, personally wrapped in cotton wool and hand reared by the friendly neckbeard, are not how things should be done at scale in this day and age.
FTFA: "Our review indicates that the server did not contain consumer personal information..."
So we're consumers to government services now?
It was bad enough when the corporations changed from using customers to consumers, but no way in hell should the government use that term in reference to its citizens.
--- Keep the choice with the user..
exactly one :-D
Nowhere in the comments above you does anyone blame Obama for this. Your pre-emptive overreaction betrays you.
> It was never supposed to be connected to the Internet — but someone had accidentally connected it anyway.
This is where "we don't need security because the machines will never be connected to the internet" falls apart.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
It's always the current figurehead's fault.
Admins were alerted by suspicious activity on the servers--more specifically by the fact that there WAS activity on the servers.
TFA is on CNN, not on Fox.
Nowhere in the article there's any blame addressed to Obama.
I think maybe you're seeing things brother..
healthcare.gov was better protected than sony? homedepot? target?
Not too bad.
The Kruger Dunning explains most post on
Has /. Been hacked by right wing crazies? I thought nerds were too smart to believe Fox News. And yet it's always Obama's fault. Yeah, I am sure he personally patched in the server by mistake. #EverythingThatGoesWrongCanBeBlamedOnObama
That's risible. Nowhere is Fox, Bush, or Obama mentioned.
Gotta love the hilarity that ensues when anything that implies just a smidgen of Obama administration ineptitude penetrates an echo chamber like Slashdot.
A factual account about a specific failure on a government program is labelled "hacked by right-wing crazies" by a "BLAME BOOOOSH!!!" loon.
AND it's modded up.
And yeah, Obama's inept.
Compare his response to Russians shooting down an unarmed airliner to Ronald Reagan's.
Compare Obama's response to a US citizen getting his head hacked off by an Obama-proclaimed "JV team" of terrorists (that has managed to take over 1/2 of Iraq and Syria - some "JV team"...) to the response from UK Prime Minister David Cameron.
Look at the situation in Russia - where Obama's minions were so prompt in making fun of Mitt Romney just 18 months ago when Romney said Russia was no friend to the West.
Look at Libya - where Islamists just took over the abandoned US embassy in Tripoli. Hey, but the bombs Obama dropped there weren't "hostilities".
Gotta wonder what the poster I'm responding to would say if George W. Bush had ever claimed dropping bombs weren't hostilities...
And let's not forget about "the dog ate our hard drives, blackberries, and backups" IRS bullshit.
LOL does anyone believe this? Do you remember security people warning just exactly how easy it was to infiltrate and get the data? It was even done as proof of concept.
Believe me someone has gotten in and stolen something.
"If any question why we died, Tell them because our fathers lied."
I was replying to by ChipMonk (711367) on Thursday September 04, 2014 @06:25PM (#47830537) Journal /. on an android phone. I did not RTFA.
The country's in the very best of hands. Things don't always line up using
Well at least someone's putting the site to good use.
An open secret is the best kept secret.
Can someone please define what is consumer personal information?
yeah and your vote doesn't matter - the right wing loves people like you. So sure that there is no difference between Republicrats and Dempublicans. So stay have and play video games. That WILL change the world.
"Let us raise a standard to which the wise and honest can repair" - George Washington
Most naive headline evar.
The news isn't that someone broke in. They've been in since before it went live. The news is that someone noticed.
Maw! Fire up the karma burner!
We don't know either. It's media speak for some arbitrary subset of data about someone that some administration mouthpiece has fed the stenographe^Hreporters after consulting with some government lawyer somewhere.
Sorry. Can't help you.
Maw! Fire up the karma burner!
Has /. Been hacked by right wing crazies? I thought nerds were too smart to believe Fox News. And yet it's always Obama's fault. Yeah, I am sure he personally patched in the server by mistake. #EverythingThatGoesWrongCanBeBlamedOnObama
These days, all you have to do is post something they can echo chamber about, and they will descend like locusts.
Try posting a story about 9 year old girls don't have the right to kill gun range officers with an automatic pistol and see what happens.
They'll have their caps lock and loaded - ready to rumble.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
I find that when tackling a problem, it's often much more effective to tackle the correct side of it. For example: when a vessel is leaking, putting a plug in the side with LOWER pressure is far less effective than, if it can be done, putting the plug in the side with HIGHER pressure. Prosecuting people who manufacture, transport, distribute, and SELL drugs is infinitely less effective than prosecuting the people who USE them (and yes, I'm getting to my point here, in a second,) and the fact that in the US they do BOTH is the cause of so much utterly needless, useless, pointless suffering, and causes WAY more problems than it WOULD solve, if it did in fact even solve ANYTHING AT ALL, which it doesn't.
Which brings me to my point. The reason most of this hacking takes place is that the information stolen is VALUABLE. Make it worthless, and the thefts would STOP.
If I may add to this, DUH!
So rather than try to come up with ever more and more sophisticated ways of protecting data, (which I'm not against, but again, it's important to attack the CORRECT side of the problem,) is make it worthless and pointless to steal. How? You are the nerds, YOU figure it out!
Seriously though, what good is stolen data? Well, you could sign up for credit or take out loans, for example, with stolen identifying information.
THIS could probably be fixed very simply, by increasing the standards of verification you need to present to GET a loan, by for example, requiring anyone extending you any kind of credit to VERIFY you are whom you say you are, physically, in person. It is possible as I understand it to open bank accounts, etc., over the phone or via the internet, and THAT sort of nonsense has to STOP. How to enforce this? Very simple. Tell anyone empowered or authorized to act as a lender, a bank, credit union, credit card issuer, etc. etc. etc. that they are OBLIGATED to be able to prove that whenever they extend someone credit, and if they can't, then the person in question is NOT obligated to pay, and they are prohibited from reporting any kind of negative information to any credit reporting agency of any kind, or pursuing any kind of remedy whatsoever against the individual(s) concerned.
Similarly, retailers (etc.) should be obliged to check your card when paying via a credit card, against your photographic ID, and your FACE, and write down the number of your ID card ON THEIR COPY OF THE RECEIPT to prove they checked, or the buyer should be able to decline to pay (the credit card company reverses the charge,) without penalty of any kind because they should be regarded as having a duty to ensure the card being paid with isn't stolen, etc.
These efforts would almost certainly reduce severely, or eliminate the majority of these data breaches, theft of data, etc. Just make it worthless, and people will stop stealing it, and that's the key.
As a final thought, and case-in-point, if they treated people viewing stolen explicit photos (#recentcelebrityselfiehacks) as the criminals and not the hackers, first, they could actually CATCH people, and in so doing reduce or eliminate demand. Want to know why they want pictures of these famous, and often beautiful people but NOT their trash, for example? Because the photos are WORTH something, while the trash is generally worthless.
Get it? We need to stop and THINK before we attack a problem, and consider, are we attacking the correct part of the problem, or just spinning our wheels, wasting our time, and very very frequently, making things MUCH WORSE!
When a private company screws up or screws you over, you can turn to the government for oversight, protection, and changes.
When the government screws up or screws you over, you are screwed.
I plan to.
You certainly sound like you eat drink and poop Fox News.
Sounds like you watch Fox News therefore I don't have to consider anything you say. QED. Plus, I'll rant like a loon for a while and strengthen my argument!
I was thinking more along the lines of "finally some competent hands working on the site, perhaps it will become usable soon"
Good thing all medical information in the US is required by law to be stored in a HIPAA compliant secure way for our protection. ... oh, wait. That doesn't apply to them. Darn.
Give the job of fixing this to the newly minted Federal Government CTO announced on SlashDot just today! http://en.wikipedia.org/wiki/M...
Oh wait, problem, that's not her job, that falls under the Secretary of Health and Human Services control... Washington DC is broken, very broken...
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
No I do not. But all the "statements" made by the commenter could have been lifted from Fox News. Anyone who thinks that starting multiple wars is a loon, in my book. Democrat. Always was one and always will be one. Knocked on doors for then Senator Obama in Iowa in 2007-08. Fought crazy Ron Paul supporters who lied about streets that had been canvassed. I did not listen to them and got supporters to pledge for Senator Obama, Ran for delegate to the 2012 DNC and won - went to Charlotte, NC and worked on both campaigns - 2008 and 2012. Are we clear?
"Let us raise a standard to which the wise and honest can repair" - George Washington
typical government doublespeak.
Everybody dies buddy. It's time to come to grips with reality. In all seriousness people get sick and die when they have health insurance too. The hospitals just make sure they take all your money before they let you die.
"Yes - it's a big failure" - Yes, that much we can certainly agree on. Here is a little news flashback for you (I intentionally did not choose a story from Fox News or similar Right-leaning news source) : http://www.huffingtonpost.com/...
Not surprisingly, the administration has quietly stopped releasing signup numbers, despite a promise to do so in the article above: http://hotair.com/archives/201...
The Obama administration continues to play fast and loose with the term "enrollment" and still refuse to tell the public how many people have actually paid for an insurance plan via the Obamacare website.
I'm not suggesting that people should "die" when they get sick. Far from it. I believe that Americans should get the best medical care available.
What I am suggesting is that the implementation of the Affordable Care Act has been a colossal bungle, the likes of which the free world has never seen.
Because there is some wiggle-room in the interpretation of the law, it appears he thought, or hoped, it was possible to tweak the enforcement or application of the law enough so that most people could keep similar services or doctors.
Being overly optimistic is not quite the same as "lying". Bad judgement, yes!
P.S. Mitt told some whoppers also. Honest politicians are a rare breed; I suspect the system weeds out the honest ones.
Table-ized A.I.
hotair.com/ Hot Air is the leading "conservative blog" for breaking news and commentary covering the Obama administration - boom. Hot air it is. Nice of you to post this, but surprisingly, I remain unconvinced.
"Let us raise a standard to which the wise and honest can repair" - George Washington
Ran for delegate to the 2012 DNC and won - went to Charlotte, NC and worked on both campaigns - 2008 and 2012. Are we clear?
Well, we're clear that you have poor judgment.
As far as the Huff post, you knows how to pick em, doncha? You do realize that the website is NOT like it was in October 2013, right? But maybe not. Hey, I hope you never get sick and have to pay every penny you have and then some to get well. I would suggest you check out dailykos.com for better information about how the ACA has actually saved lives. Peace.
"Let us raise a standard to which the wise and honest can repair" - George Washington
I deliberately chose to post from a left wing site (Huffington) and a right wing site (as you noted, Hot Air). Both articles reach the same conclusion. A fact that you seemingly have failed to grasp. Are you disputing the collective conclusions or are you just pissed off that things didn't work out the way you wanted them to?
In most cases you'd expect hackers to hack in and break the site, in this case they probably felt obligated to fix it knowing that that would annoy far more people than taking it off-line :)
-- If at first you don't succeed, lie!
Any conclusion based on malware found is ridiculous. You are basing a conclusion on false pretense and incomplete information.
A real investigator concludes loss of data or other impact based on actual evidence to show those effects. The presence or non-presence of malware is not evidence of such activity. It's only evidence of that malware.
Also, malware does not "slip" around. That is a patently false statement, proving the ongoing poor comprehension of what computer security is all about, and an attempt to avoid blame, responsibility, or accountability.
Sigh.
Look. Do governments always get things right the first time, or does landmark legislation, like the Civil Rights Act of 1964, and now the ACA, get tweaked over time and move towards single payer unlike the Romneycare the ACA was based upon? It is clear to me that you think a website is all that the ACA is. We can go on, but hey, have a good healthy life. Gotta get up manana and plug in some unprotected servers. Maybe President Obama can give me some tips? B-).
"Let us raise a standard to which the wise and honest can repair" - George Washington
"consumer personal information"
Contrary to popular belief, Obamacare doesn't actually provide healthcare, they are an intermediate between a person and an insurance company that provides a level of coverage for health care.
The fact that many are forced by law to use the PPACA website shouldn't detract from the fact that people are actually consuming the insurance product (although at the end of a gun). So people who purchased insurance or consumed products from the website is what they are talking about.
Of course Obama would not show up.
For Obama it is just too beneath his dignity to sit before a Caucasian.
Obama is the "Super NegaVerse" in Chief of Noup'n [pronounced in American English as 'New Pin'].
Ha ha
Great job NSA. Maybe you should have been spending your time strengthening security instead of weakening it.
No hard feelings. We just have a different point of view. I hope that the ACA works out in the end. I really do. All governments must seem to have a poor track record when it comes to this sort of thing. Time will tell. Cheers.
Because of course, every sick person died before the Democrat party came along, right?
I'm sorry, but you Democrat partisans can go hang out in the same hell as the Republican partisans - just leave us freedom loving folk *alone*. Stop trying to tell us who we can and can't marry, how many rounds of ammo we can have in one clip, what dirty words aren't allowed on TV, or how much insurance we have to buy.
Frankly, the best option we have is to never give a party more than one term in office - keep swapping them out, every 4 years (or 6 or 2 for congress critters), and maybe, just maybe, they won't be around long enough to *really* fuck us.
Who needs to get sick? The entire country is going to have to pay every penny it has, and then some, to fix the completely bungled ACA.
The ACA has cost more lives than it has saved, simply by virtue of the *wasted money* that could've been used to actually care for people.
Those damned republicans probably denied the funding they needed to also make it secure.
No doubt it was a Windows machine, and the poor bastard who hooked it up to the internet probably used Internet Exploder 7.
All those moments will be lost in time, like tears in rain... time... to... die...
Who do these tools think they are trying to fool? If that server was set up to test parts of the website, it was connected to the net indirectly from the web servers. The only computer that is not connected to the net has no connection at all to anything connected to any out-facing server: router, web server, wifi, anything.
The signups have been tracked by one guy - current total is some 9m. Check out http://acasignups.net/
After the startup glitches (your HuffPo link was from last year, and is well out of date) the site seems to be functioning OK.
Wikipedia:
a communication network should allow a user to focus on the data he or she needs, rather than having to reference a specific, physical location where that data is to be retrieved from
Dear communication network, the address I gave you is not the address of a specific physical location. I gave you something called a Uniform Resource Identifier that is meant to uniformly identify the resource that I want, so that you can retrieve it from the best specific physical location.
These are not the droids you are looking for....................move along.
http://www.foxnews.com/tech/2014/01/16/world-greatest-hacker-calls-healthcaregov-security-shameful/
Joe Biden is a square shooter. Joe Biden for 2016!
as long as your skin is dark and you have a computer degree, fedgovt will hire you. And it don't matter that you went to a "historically black" school where you did not have to show that you learned much. Trust me, I used to work for fed govt.
I thought the NSA was violating our rights so they could be on top of shit like this.
I am not posting this AC because I don't care, you need to know... I just left the healthcare IT industry after 4 years... because security was a sham. It was up to me, the admin, to go on my own and secure everything. I had to do this after hours, on my own time, because during the core business hours I had to do releases, stand up more servers, babysit the devs, fix customer SSO issues, etc. Developers run the web sites... don't believe me... well, try to get Ruby devs to change the code Ruby auto-generates from "Select * from users" to only select the user. Try to make the DB not return a query formed like that. Try to break the tables apart so when the code is trying to verify a user who is logging in, the same row doesn't contain EVERYTHING about them. The devs shit bricks and bitch they can't meet schedule... because THAT'S HOW RUBY WANTS IT (or Java to some extent). And these are the devs on US soil. The ones in India don't really care, they get paid by the hour, a low amount, so why not argue over shit like this for weeks and miss schedule and drive up the cost (their income). I have worked for two large healthcare websites, that currently hold around 100+ million US users' PHI data, and the systems are not as secure as they should be. If they were targeted, they would fold. I know because for some long periods of time I was the ONLY admin at these sites. When I tried to lock some things down, Ruby or Java broke. The customer wants a new feature, by next week, then we did it. Customers like CVS pharmacy, Cigna, Humana. Not to mention the majority of US companies are going towards a tele-health option for their employees. So when YOU get that letter in the mail saying you now have a tele-health option, guess what, we already have ALL your personal data, from your employer... whether you choose to sign up or not.
I'm not saying telehealth is a bad idea, just that in today's society, profit drives everything, security is way down the list of priorities... and as these breaches continue to happen, remember it is not THE ADMINS' fault... we can only do so much. Yes, this is Obama's fault, he is like the CEO. Every CEO I have worked for has been more concerned with profit, schedule, capabilities than securing YOUR data.
#include bier;
No I do not. But all the "statements" made by the commenter could have been lifted from Fox News. ....
So you don't watch Fox News but know that all the comments could have been lifted from them? I guess you must have seen snippets posted on sites you read and assume that the editorial part of Fox News is the news part - the same editorial parts that CNN and MSNBC have but leaning the other way.
Democrat. Always was one and always will be one.
Ah - well I'm glad you admit to have an open mind. Sounds like the Democrats don't really have to do anything to win your vote - which is probably why they don't really care what they do on the privacy or war fronts.
Umm...it was a joke dude. Obviously more than one person has been able to sign up. Thanks for playing though.
After the startup glitches (your HuffPo link was from last year, and is well out of date) the site seems to be functioning OK.
Except for this security breach, right?
Hacking healthcare.gov to get JLaw nude pics? New low!!!
I would suggest you check out dailykos.com for better information about how the ACA has actually saved lives.
Do you realize that healthcare actually was working for the vast majority of people? ACA has not really been around long enough to determine if it saved lives. And will you count people that die because their previous insurance was lost because of ACA the fault of ACA or the fault of the private insurance?
I have a feeling that in your mind, anything good regarding ACA is to the credit of government and anything bad is the fault of the businesses or republicans. That's a nice, sheltered world to live in. (I base this on your comments that you don't even listen to alternative views and will always vote democrat.)
"...someone had accidentally connected it anyway" while they were 'accidentally' downloading porn.
The Obama administration continues to play fast and loose with the term "enrollment" and still refuse to tell the public how many people have actually paid for an insurance plan via the Obamacare website.
So, here is where you have to make a choice. Either the Democratic Administration is a totalitarian, communist regime trodding all over the rights of private, capitalist institutions by forcing them to report their number of paid enrollees, or the Democratic Administration is a pussy-footed, truth-hiding bunch of disingenuous shits for not forcing private insurance companies to give them the information that you want.
Of course there's a third option. You could simply recognize that the number of paid enrollees is a figure that belongs to the insurance companies, and while the government can ask them for that information, they cannot compel them to turn it over. But you can't simply recognize that without putting a Murdoch/Roger Ailes spin on it, can you?
The parent poster won't read the following link with any interest in the actual verity of the claims. He'll just make some dismissive statement without contradicting any of the claims, because the site doesn't fit within his narrow world view. But for the rest of you, I refer you to actual facts regarding paid/unpaid numbers and how tricky it is coming up with a solid figure:
http://acasignups.net/14/05/27/ok-republicans-now-you-can-ask-all-insurance-companies-how-many-have-paid
There are times in life when you need to admit " I'm just digging this hole further down", and let it go.
That time for you, in this argument, is now.
However, I know you won't.
Please, keep talking, I find your unabashed partisanship amusing.
It makes no difference what government site it was, the key point to look at is this statement: “malware slipped past the Obamacare security system”. If the government's security system is being hacked, then just how safe is any government site?