Hackers Break Into HealthCare.gov
mpicpp is one of many to point out that hackers broke into the HealthCare.gov website in July and uploaded malicious software. "Hackers silently infected a Healthcare.gov computer server this summer. But the malware didn't manage to steal anyone's data, federal officials say. On Thursday, the Health and Human Services Department, which manages the Obamacare website, explained what happened. And officials stressed that personal information was never at risk. 'Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted,' HHS spokesman Kevin Griffis said. But it was a close call, showing just how vulnerable computer systems can be. It all happened because of a series of mistakes. A computer server that routinely tests portions of the website wasn't properly set up. It was never supposed to be connected to the Internet — but someone had accidentally connected it anyway. That left it open to attack, and on July 8, malware slipped past the Obamacare security system, officials said."
"the malware didn't manage to steal anyone's data, federal officials say."
Mostly because at the time, no one had yet been able to successfully complete the sign up process.
Yes I'm sure this has never happened to a private company or multiple major financial institutions, or academic institutions, or security companies or IT companies.
Oh wait.
How, in this day and age, does this kind of stupid shit keep happening? How are network admins not creating L2 & L3 separations in the network, with internal firewalls and IDS? How are operations engineers not building local firewalls on machines, and locking down through security policies?
This isn't 1994 any more people. Hand crafted individual artisanal servers, personally wrapped in cotton wool and hand reared by the friendly neckbeard, are not how things should be done at scale in this day and age.
FTFA: "Our review indicates that the server did not contain consumer personal information..."
So we're consumers to government services now?
It was bad enough when the corporations changed from using customers to consumers, but no way in hell should the government use that term in reference to its citizens.
--- Keep the choice with the user..
exactly one :-D
TFA is on CNN, not on Fox.
Nowhere in the article is there any blame addressed to Obama.
I think maybe you're seeing things brother..
healthcare.gov was better protected than Sony? Home Depot? Target?
Not too bad.
The Kruger Dunning explains most post on
Confession: I just actually RTFA. Don't ban me.
Evidence the attack hadn't proceeded? That the 'attack tools' were sitting there, waiting for the command.
So someone broke in and left a bunch of 'hacker tools' lying around a directory and listening on a port as a service?
Wouldn't the last step of a successful attack be to clean up all traces, run defrag, then perhaps install a fresh copy of BO? Just in case someone changes the password before you come back.
How would you know the difference between a successful raid and an aborted one? Could you give a quick answer? If you needed to search logs to even start answering but the PHB was breathing down your neck what would you say? What other servers would you even start on? What OSs are they using? What skeletons have they already hidden? Database? Read only? Did anybody 'SELECT * FROM *' lately?
Just how good can the logging/intrusion detection be? They let a local login loose.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
The difference is people voluntarily give data to these companies, whereas you are forced to give information to Healthcare.gov. It would be the same as if the IRS was hacked.
I love Jesus, except for his foreign policy.
Federal government isn't spending your money either. Federal government is not revenue constrained.
"Taxes for revenue is obsolete."
"Yes - it's a big failure" - Yes, that much we can certainly agree on. Here is a little news flashback for you (I intentionally did not choose a story from Fox News or similar Right-leaning news source) : http://www.huffingtonpost.com/...
Not surprisingly, the administration has quietly stopped releasing signup numbers, despite a promise to do so in the article above: http://hotair.com/archives/201...
The Obama administration continues to play fast and loose with the term "enrollment" and still refuses to tell the public how many people have actually paid for an insurance plan via the Obamacare website.
I'm not suggesting that people should "die" when they get sick. Far from it. I believe that Americans should get the best medical care available.
What I am suggesting is that the implementation of the Affordable Care Act has been a colossal bungle, the likes of which the free world has never seen.
> Please tell me your comment is snark.
No sir. I am dead serious! Obama is incompetent. Take for example this business with Putin and ISIS and Taliban. It is getting out of control. Not because these are hard problems, but because Obama is a pussy. He wants to keep thinking about it. As GWB would say, time for thinking is over. It's time to kick some ass. If you have seen the Rambo series of movies, you'd know what I am talking about.
Man, I hope to God Chuck Norris runs for president and wins. I'd like to see the expression on Putin's face when that happens.
Yes I'm sure this has never happened to a private company or multiple major financial institutions, or academic institutions, or security companies or IT companies.
Major financial institutions, academic institutions, security companies, and IT companies don't force us under penalty of law to use their wares and put our personal confidential information at risk. Furthermore, few if any of them have managed to create something of such colossal expense, enormous failure, corruption, and risk we see now.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Why do people who do not like the idea of the government collecting and storing personal data (under threat of law in most cases) that until recently was private and confidential on servers accessible by the internet have to be trolls for the Koch brothers?
And why would that be bad?
Here is the problem that maybe you simply do not get. Storing all your information on the internet is not a good thing. We have fought tooth and nail forever trying to get people to understand that and now the government decides it is best practice. So yes, completely make fools of fools might very well be warranted here. Maybe then it would cause people like you to wake up.
I'm with linuxguy on this one - what good are nuclear weapons if you don't show people what they can do from time to time? In the 50s we had bomb shelters and duck and cover drills... now we are soft. Sitting on the sidelines applying gentle pressure isn't the American we love - Obama needs to make Mad Max happen NOW.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
On the other hand, I explicitly recall a statement along the lines of "we aren't going to worry about security until after we get it all up and working first" from one of the people running the program. I sure wish I had bookmarked it because it is the kind of thing that is too stupid to believe.
Maybe you're thinking about this: "Among the issues that concerned the government's own technical experts was that security testing could not be completed because the system was undergoing so many last-minute changes."