
ObamaCare Hackathon: Healthcare.gov May Expose Social Security Numbers

Tyler Durden's picture




 

The Obamacare tech team should add another pressing cyber issue to its to-do list. As Mother Jones reports, web security experts warn that Healthcare.gov and various state exchanges, the Obamacare websites, have a security flaw that could make sensitive user information, including Social Security numbers, vulnerable to hackers. The website reportedly has a coding problem that could allow hackers to deploy a technique called "clickjacking," where invisible links are planted on a legitimate web page. Using this scheme, hackers could trick users into giving up personal data as they enter it into the website, potentially placing Americans at risk of identity theft or allowing fraudsters to file bogus health care claims.

 

Via Mother Jones,

...

 

it's not just the federal exchange that has security problems. Some of the 15 states that have established their own online exchanges aren't using standard encryption throughout their Obamacare websites—leaving user information at risk.

 

...

 

Here's the problem: When an American signs up for Obamacare online, they must enter a good deal of personal information to verify identity—including name, Social Security number, phone number, email address, income, and employer—and identifying information for their family members. In the majority of states, Americans will enter this information directly into the Healthcare.gov website.

 

Kyle Wilhoit, a threat researcher at Trend Micro, a Japanese security software company, studied the Healthcare.gov portal with his security team and found a "moderate risk" for hacking due to an easy-to-fix coding problem that leaves the site vulnerable to clickjacking.

 

...

 

"Common clickjacking would be a popular method to attempt to exploit [the site]," says Wilhoit. "Hackers could use this information in the creation of fake identities, fake credit cards, and fake accounts very easily." He adds that it's relatively easy to fix, although the fixed code would need to be rolled out on multiple Healthcare.gov pages and potentially state websites as well.

 

Asked about clickjacking concerns, the Department of Health and Human Services (HHS) referred Mother Jones to this security statement, which says that Americans don't need to worry: "If a security incident occurs, an Incident Response capability would be activated, which allows for the tracking, investigation, and reporting of incidents."

 

...

 

Some state Obamacare sites could be significantly more vulnerable than the federal portal. The Healthcare.gov site uses a common form of encryption called Secure Sockets Layer (SSL), which prevents information from being intercepted by a hacker after you click "send" (SSL doesn't defend against most clickjacking). But the 15 states currently running their own independent Obamacare websites do not have explicit instructions from the HHS to use SSL.

 

...

 

"These state sites...represent more viable targets for direct attack" than the federal data hub, Budd argues. And hackers have been known to target state healthcare programs—last year, over 280,000 Social Security numbers were stolen from Utah's Medicaid server.

 

...

 

Many security experts argue that Healthcare.gov's code would quickly improve if it was open source—posted publicly for other programmers to examine, adapt, and improve. In fact, the code for the site was originally supposed to be open source. But HHS removed its code from open-source websites after developers complained they had trouble distinguishing which code belonged to which part of the website. Since then, all of Healthcare.gov's coding mistakes have happened behind closed doors.

So apart from low sign-up rates, inability to handle visitor volumes, FUBAR account creation, incorrect pricing guidelines, helpline overload, and security holes... Obamacare is a great success so far.
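
The article does not name the "easy" fix Wilhoit refers to. The example below assumes it is the standard anti-framing response headers (X-Frame-Options or the CSP frame-ancestors directive) and audits a set of pages for them, with HTTPS as a separate check, since the fix has to reach every page. It is an added example, not code from Healthcare.gov or Mother Jones; the function names and .example URLs are constructed.

```javascript
// Offline audit of anti-framing headers. Sample responses are constructed;
// hosts use the reserved .example TLD.

// HTTP header names are case-insensitive, so compare them lower-cased.
function normalize(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

// Source list of the CSP frame-ancestors directive, or null when absent.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// Decide whether a response may be embedded by an arbitrary third-party page.
function framingPolicy(rawHeaders) {
  const h = normalize(rawHeaders);
  const sources = frameAncestors(h["content-security-policy"]);
  if (sources !== null) {
    // An enforced frame-ancestors overrides X-Frame-Options in browsers that
    // support it. "*" or a bare scheme such as "https:" admits any site; an
    // empty list is flagged for review rather than trusted.
    const open = sources.length === 0 ||
      sources.some((s) => s === "*" || /^[a-z][a-z0-9+.-]*:$/i.test(s));
    return { framable: open, via: "csp:frame-ancestors" };
  }
  const xfo = (h["x-frame-options"] || "").toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN") {
    return { framable: false, via: "x-frame-options" };
  }
  // ALLOW-FROM is obsolete and ignored by current browsers; other values are invalid.
  return { framable: true, via: xfo ? "x-frame-options(ignored)" : "none" };
}

// Audit many pages at once: transport encryption and framing are separate checks.
function auditPages(pages) {
  return pages.map(({ url, headers }) => {
    const issues = [];
    if (new URL(url).protocol !== "https:") issues.push("no-https");
    if (framingPolicy(headers).framable) issues.push("framable");
    return { url, issues };
  });
}

const samplePages = [ // constructed input
  { url: "https://exchange.example/", headers: { "X-Frame-Options": "DENY" } },
  { url: "https://exchange.example/apply", headers: { "Content-Type": "text/html" } },
  { url: "http://state.example/enroll",
    headers: { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'" } },
  { url: "https://state.example/login",
    headers: { "x-frame-options": "ALLOW-FROM https://partner.example" } },
  { url: "https://exchange.example/account",
    headers: { "X-Frame-Options": "SAMEORIGIN", "Content-Security-Policy": "frame-ancestors *" } },
];

for (const { url, issues } of auditPages(samplePages)) {
  console.log(url, issues.length ? issues.join(",") : "ok");
}
```

The second sample page is served over HTTPS yet is still reported as framable, which is the article's point that SSL does not defend against clickjacking.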

 

Fri, 10/25/2013 - 13:02 | 4090499 TeamDepends

Problems? Dial 1 800 FU....

Fri, 10/25/2013 - 13:06 | 4090511 macholatte

 

Anybody know how much Obamacare has cost so far?

 

Fri, 10/25/2013 - 13:09 | 4090517 Skateboarder

Nothing, compared to what it's going to cost everyone in standard of living.

Fri, 10/25/2013 - 13:14 | 4090540 jaap

Mother Jones? That shill??

Fri, 10/25/2013 - 13:28 | 4090574 somecallmetimmah

"Hellcare.gov May Expose Social Security Numbers"?

Is that a threat?  With the tacit approval of the Social Security Administration?!?

ELEVENTY!11!!!

Fri, 10/25/2013 - 14:21 | 4090814 Manthong

<<<<<   Obamacare is a flesh-eating virus.

<<<<<  The ACA is revenue neutral, will lower healhcare costs, and you can keep your same plan and doctor if you want.

Fri, 10/25/2013 - 15:08 | 4090999 kralizec

Needy up-arrow whore!  ;)

+1

Fri, 10/25/2013 - 15:20 | 4091050 Manthong

..just searching for love anywhere I can get it

Fri, 10/25/2013 - 13:36 | 4090611 MarsInScorpio

MomJo shills for the Left Wing Looney Tunes.

 

If they are saying something is broken, it must be REALLY broken - on the verge of vaporization.

 

This is an incredibly big disaster - and no one with any sense will even visit the site - let alone try to use it.

-30-

Fri, 10/25/2013 - 15:50 | 4091165 GeezerGeek

Call me cynical, but I wouldn't be at all surprised if the healthcare.gov site was sabotaged on purpose. Then Obama can act tough, call in the A-Team, get it fixed in about six weeks, and let everyone know once again that he's saved us. For all we know, the beta tests went fine and then they threw in some errors for the initial deployment.

Sat, 10/26/2013 - 04:49 | 4092568 lewy14

No.

It's fucked.

Fri, 10/25/2013 - 17:33 | 4091450 James-Morrison

Hell no, I won't go!

Just sign-up on the Provider's company website. They each have one with the same plans listed on the .gov exchange. Don't forget to set the pricing to "2014".

If you qualify for a subsidy, take a tax credit on your TY2014 form 1040 (if you can afford to wait).

Don't dip your spoon into that steaming bowl of FUBAR.

Sat, 10/26/2013 - 04:41 | 4092565 lewy14

Exactly.

I read Mother Jones from time to time just to see what smoke the Red Team is blowing up my ass.

When I read stuff in MK that could come from National Review, then Houston we have a problem...

Fri, 10/25/2013 - 14:08 | 4090761 Lewshine

Obamacare could directly cause Cancer, sterility, blindness and poverty - Doesn't matter, because it's the democratically elected psychopath's legacy at stake...Where's your fucking priorities??

Fri, 10/25/2013 - 14:17 | 4090797 Joe Davola

Consult a physician if you catass for more than 4 hours while trying to login to the federal exchange website.

Fri, 10/25/2013 - 19:07 | 4091677 Manthong

..at least Barry does not have to worry about his genuine Connecticut SSN because he only needs it for posturing.

Fri, 10/25/2013 - 13:23 | 4090553 NOTaREALmerican

Re:  Anybody know how much Obamacare has cost so far?

The people I know ready to loot it are hoping it "cost" at least as much as Big-MIC.

It's the government,  who cares about cost as long you are personally getting the loot?

Fri, 10/25/2013 - 13:30 | 4090580 somecallmetimmah

"...it "cost" at least as much as Big-MIC."

 

Rasis.

Fri, 10/25/2013 - 13:53 | 4090700 Ying-Yang

Healthcare.gov is $680 million with $98 million going to Canadian firm.

It is broken but they got paid.

Fri, 10/25/2013 - 13:58 | 4090719 Flying Wombat

A Bloomberg study out earlier this week talked about $1Billion+ and all they did was look at "ACA" on contracting bid databases to come up with a number MUCH higher than previous government estimates.  Google Bloomberg Obamacare Cost or some-such and you'll find it.

Eric Dubin, Managing Editor, TheNewsDoctors.com

Fri, 10/25/2013 - 14:00 | 4090723 Flying Wombat

BTW, check this out.  It's a really funny video on Obamacare  http://thenewsdoctors.com/creepy-uncle-sam-is-back/

Fri, 10/25/2013 - 14:12 | 4090760 Trampy

Anybody know how much Obamacare has cost so far?

Cost?  In terms of what, exactly?  And to WHOM, and WHEN?

Monetary cost to produce it, or cost of the damage it will ultimately cause, or both?

There are sure to be other "costs" as well.  Anyone who thinks they know the answer is a fool. 

There is probably a number made up by someone somewhere at OMB that purports to answer your question, but, in the immortal words of Hillary, "what difference does it make?!" 

Fri, 10/25/2013 - 15:53 | 4091173 GeezerGeek

The greatest cost will be in terms of liberty and privacy, or the lack thereof. 

Fri, 10/25/2013 - 13:07 | 4090512 icanhasbailout

You'll be protected by the same people who still can't find Rachel from Card Services.

Fri, 10/25/2013 - 13:03 | 4090502 One And Only

But. Free birth control. Should help lower reproduction in those urban areas full of degenerates. Thanks Obama

Fri, 10/25/2013 - 13:30 | 4090581 somecallmetimmah

Rasis.

Fri, 10/25/2013 - 13:57 | 4090715 InTheLandOfTheBlind

when it doesn't do ya think that they are gonna suggest forced sterilization?

Fri, 10/25/2013 - 17:22 | 4091429 NIHILIST CIPHER

YES.                                     (sarc/ off)

Fri, 10/25/2013 - 14:01 | 4090727 SDShack

Along those lines, what's insane is how liberals will scream and demonstrate to the ends of the earth on abortion, specifically how NOTHING must ever come between a woman and her doctor. But they are perfectly fine in creating the biggest govt bureaucracy on earth known as 0zer0care that puts 2 layers between the woman and her doctor (govt and insurance) for EVERY healthcare decision she is going to make for the rest of her life, including her partner's life, and her children's lives. Say that to a liberal and watch their heads explode.

Fri, 10/25/2013 - 13:08 | 4090513 Dr. Engali

Bush's fault.

Fri, 10/25/2013 - 13:09 | 4090519 Stoploss

I think Barry care is going one place, and one place only...

 

Straight back up Barry's ass, where it came from..........

Fri, 10/25/2013 - 13:19 | 4090546 john39

obongocare was designed to fail...  this is an interim step towards a single payer system that our owners so desire.

Fri, 10/25/2013 - 14:06 | 4090752 ChubbNut

"obongocare" - good one John! /sarc

Fri, 10/25/2013 - 13:11 | 4090520 Winston Churchill

That's the website's best feature. Prolly designed in by the NSA.

Makes you wonder if the govt. spying is truly a threat. I'm sure the same level of total incompetence is prevalent there as well. Maybe moreso seeing there is no oversight at all. The data center doing frequent impersonations of a TESLA car does make you wonder.

Fri, 10/25/2013 - 13:27 | 4090569 Dewey Cheatum Howe

The emperor is a lot more naked than people realize. There is perception then reality, they tend to not reside in the same plane. The competence of this shit show called the healthcare exchange website is not an isolated problem but a symptom of something bigger.

Fri, 10/25/2013 - 13:12 | 4090521 1stepcloser

That's fine, most who need to sign up don't have viable SSNs to steal, what FICO of 550 at best.....no new credit lines with that mess..  Now if they can steal EBT numbers???

Fri, 10/25/2013 - 13:40 | 4090641 depression

Bragging rights. Surprised it has taken this long for Anon to get around to exploiting the web-site, perhaps they still blindly worship their O'savior.

Fri, 10/25/2013 - 13:12 | 4090525 l.kimbot

$290, 000, 000 to infinity.  No surprise.   Ultimately,  it will be the IRS' party.  "Penalties and interest. "

Fri, 10/25/2013 - 13:12 | 4090527 carbonmutant

Looks like the Tea Party's attempts to delay Obamacare were doing the Democrats a favor...

Fri, 10/25/2013 - 13:39 | 4090634 Papasmurf

The dems screwed up.  They could have caved in to the Repukes while they bandaged up this program to roll it out a year later.

Fri, 10/25/2013 - 16:18 | 4091263 earnyermoney

Yep. Now the Red team is going to beat the Blue team's ass like a drum through the mid-term elections.

Fri, 10/25/2013 - 13:12 | 4090528 thatthingcanfly

OT

Why is gold ramping on a Friday afternoon? Isn't it supposed to be getting crushed right about now?

Fri, 10/25/2013 - 13:23 | 4090556 NotApplicable

"Turn that machine back on!"

Fri, 10/25/2013 - 13:13 | 4090536 Urban Redneck

No SSL? Hundred of millions of dollars? And it still doesn't work?

Are we even sure that cunt Sebelius even knows what a website is or an insurance application is? Or what the internet is? Or what healthcare is?

CLAWBACKS.

Both DHS Management and .GOV contractors.

Fri, 10/25/2013 - 13:24 | 4090557 NOTaREALmerican

Re:  Both DHS Management and .GOV contractors.

HA!   funny one.    Feature, not a bug.  

Fri, 10/25/2013 - 14:28 | 4090851 Non Passaran

It's a cost saving measure.

Do you know how expensive SSL certs are?

The government is trying to save every cent it possibly can!

Fri, 10/25/2013 - 13:48 | 4090547 socalbeach

5 years from now.

 

Obama: "ACA would have worked, but people are a little screwy sometimes."

Fri, 10/25/2013 - 13:20 | 4090550 Yen Cross
Fri, 10/25/2013 - 13:28 | 4090575 NotApplicable

Cool, thanks for the tip.

Fri, 10/25/2013 - 13:52 | 4090692 Platinum

Thanks for the heads up on lightbeam. This is one of the reasons I read ZH. Well that, and an appreciation for the freakshow that we all get to comment on.

Fri, 10/25/2013 - 13:23 | 4090555 Seasmoke

Talk about A Trojan Horse for foreign enemies to take advantage of. 

Fri, 10/25/2013 - 13:24 | 4090558 Trimmed Hedge

It's been like 5 years, yet not 1 attempt on Barry's life...

Fri, 10/25/2013 - 13:28 | 4090571 Urban Redneck

America ran out of Allies and Friends more than 5 years ago.

Fri, 10/25/2013 - 13:54 | 4090701 W74

Izweall?

Fri, 10/25/2013 - 13:31 | 4090588 Dewey Cheatum Howe

He still has potentially 3 more years and people are only now starting to wake up. If I was him and the way he is pissing off people in the military I wouldn't want to be traveling overseas or outside the US in general.

Fri, 10/25/2013 - 13:41 | 4090647 WOAR

7 more years.

The constitution is just a piece of paper, right? Amendments be damned!

Fri, 10/25/2013 - 13:53 | 4090698 W74

It would be racist not to elect Obama to a third term.

Fri, 10/25/2013 - 16:15 | 4091253 earnyermoney

That rasis hog Hitllary will put an end to any 3rd term plans.

Fri, 10/25/2013 - 13:32 | 4090594 somecallmetimmah

Rasis.

Fri, 10/25/2013 - 13:51 | 4090690 W74

Can you stop with that?  It's neither funny nor a contribution to the discussions here.

Fri, 10/25/2013 - 13:25 | 4090559 Blano

I don't know jack shit about IT and I believed from the get go that this issue was going to pop up, and will probably be an issue going forward.  Just another reason to not sign up.

Fri, 10/25/2013 - 13:25 | 4090564 replaceme

The real money maker is taking those SSNs and filing  fake claims.... There was a medicare fraud going on in florida, the trio made about 100 mill over a decade, filing fake medicare claims from their fake clinic, run out of an empty store front.  They got caught when they set up a check cashing company to handle the volume of checks coming in... I appreciate financing their lifestyle, and yet I can't help feeling ripped off a little.

Fri, 10/25/2013 - 13:49 | 4090683 W74

I see Check Cashing stores all over and think "well, it's just a way to make money off of the Obama trash who don't know jack shit about finance" but then lately I've been thinking that those places HAVE to be doing more than just cashing checks if they're able to pay some of the retail office leases in many locations. 

They simply have to be laundering money from the dealers and whoever else needs that kind of service.  Why else would anyone want to lose approximately 3% right off the bat just to have a check cashed?

Fri, 10/25/2013 - 17:54 | 4091504 harposox

These are people living paycheck to paycheck with no savings and no money management skills. 3% is a lot cheaper than paying overdraft fees on a bunch of bounced checks...

Fri, 10/25/2013 - 13:30 | 4090584 A Lunatic

Who  coulda knowed, right?

Fri, 10/25/2013 - 13:33 | 4090603 somecallmetimmah

President Obama tried to warn us, but we couldn't be bothered to listen, could we?

For shame.

Fri, 10/25/2013 - 13:35 | 4090604 daemon

"Americans don't need to worry: ...."

More precisely, Obama said : "Dooon worry, beee happy, woooo, woo, woo, ....."

 

 

Fri, 10/25/2013 - 13:53 | 4090703 somecallmetimmah

Rasis.

Fri, 10/25/2013 - 13:38 | 4090624 monad

This is to US citizenship as lost loan docs & titles are to private property. It's war.

Fri, 10/25/2013 - 13:43 | 4090658 daemon

"... site vulnerable to clickjacking."

And if I were you people, I would most certainly avoid this one too :
www.defense.gov/‎.

It has code errors somewhere, that render the site vulnerable to clickdroning .

 

Fri, 10/25/2013 - 14:55 | 4090941 Nobody For President

+1 for clickdroning

Fri, 10/25/2013 - 14:30 | 4090859 El Vaquero

Yet another reason I am glad that when I went to sniff around the Obamacare website, I got to the part that wanted me to input my personal info and I said "fuck this shit" and closed the window. 

Fri, 10/25/2013 - 14:37 | 4090888 PGR88

The phrase the government uses is

 

"THE USER CAN HAVE NO REASONABLE EXPECTATION OF PRIVACY."

Fri, 10/25/2013 - 15:07 | 4090991 Winston Churchill

Yours,

NSA,DEA etc etc etc.

Fri, 10/25/2013 - 16:10 | 4091227 John_Coltrane

They should have stated:

THE USER MAY HAVE AN UNREASONABLE EXPECTATION OF PRIVACY

Fri, 10/25/2013 - 15:19 | 4091045 syntaxterror

Don't listen to the bloggers! Enroll!

Fri, 10/25/2013 - 16:18 | 4091265 John_Coltrane

Just imagine what a hoot it will be when any suckers actually manage to sign up and then discover there really aren't any doctors (particularly specialists) available to see them in their "plan".  The competent ones either don't accept medicaid or medicare insurance or are taking "early retirement" or are "fully booked".  They will need to revise their "plan" to staying healthy and keeping the hell away from any hospital (also known in the medical profession as the center for novel bacteria and virus biogenesis).  Unfortunately, they'll still be stuck with the premiums as well as any identity fraud costs.

Fri, 10/25/2013 - 23:33 | 4092285 kareninca

Exactly.  Supposedly if you finally manage to sign on/up, actual health insurance and HEALTH CARE follow.  Hahahahaha.  We're only experiencing the first layers of how nonfunctional this is.  What is really horrible is that people will die as a result of all of these hundreds of thousands of cancelled policies (whose holders now can't get new insurance that actually works).

Mon, 01/13/2014 - 04:51 | 4326646 O'Scamma

Obama healthcare.gov was never intended to function as it was sold to American public-it is rigged as a spoof phishing scam to gather data otherwise unattainable under Federal H.I.P.A. now snookering the unsuspecting public the weakest and vulnerable into opening up once sealed medical files diverted in the process to Obama's own personal use that of which allowed him to issue directives to FDA to fast track approvals for any bio tech companies working on drugs targeting these illnesses in which the President's blind investment trust takes insider position the efficacy of drugs being tested never at issue as FDA is not a scientific research org. but a political device as past FDA insiders along with bio tech doctors and scientists have been charged with insider trading over the years only that semblance of a cure be made for a quick buck.

Obama will leave office the wealthiest man on Earth while taxpayers who cant afford insurance fund his exploits.
