ALERT: Obamacare website puts personal information at risk
A local citizen activist with background in online security recently talked to Delegate- Elect LaRock about some of the security concerns with the Obamacare website (www.healthcare.gov). We are posting this important information so that 33rd district residents are aware of these significant security risks.
In 2007, I attended a one week network security course run by the SANS organization (see sans.org). The course was an eye-opening experience, identifying all of the techniques that hackers can use to penetrate networks and the security techniques necessary to prevent this intrusion.
The Open System Interconnection (OSI) model defines a networking framework to implement protocols in seven layers. Control is passed from one layer to the next, starting at the Application layer in one station, and proceeding to the bottom (Physical) layer, then over the channel to the next station and back up the hierarchy. More info on that here.
In order to properly secure a network, there are commonly recognized security measures and techniques that must be implemented at each layer.
It now has been determined that the OBAMACARE website lacks even the most fundamental security measures regularly used by online shopping sites. Administration documents have confirmed that (1) the Obama Administration knew of these serious deficiencies in advance, deficiencies that would have caused the Government to deny permission for any other website to go online, and (2) the Administration gave itself waivers (that would never have been given to other organizations) so that the rollout could continue.
This exposes any user to cyber intrusion and identity theft and is yet another example of the Administration’s corruption of our capitalist system, ignoring Federal acquisition regulations to funnel kickbacks to political supporters.
First - On November 8th, on nationwide TV with Fox financial analyst Stuart Varney, John McAfee, Founder of McAfee Internet Security, had the following comments on the OBAMACARE website –
“The website contains the following statement, ‘You have no reasonable expectation of privacy. Any Governmental agency may acquire access to your information.’ Secretary Sebilius has testified that they are going to remove the ‘statement’ from the software. However, they do not intend to remove the ability of agencies to access it.”
Second – The website is so full of holes that hackers are licking their chops to get at it. The reason that they haven’t so far is because usage is so low. When people start seriously using it, their bank accounts are going to get emptied out. From a security perspective, you cannot fix this without throwing it out and starting over.
This is consistent with what you learn at SANS. Security needs to start at Layer 1 and be incorporated throughout the OSI protocol stack. I recommend that no one access the OBAMACARE website until creditable civilian organizations, like SANS, certify its security measures.
Dana Newcomb
"A quartet of experts testifying before the House Committee on Science, Space, and Technology cited numerous security flaws within Healthcare.gov. They attributed the risks to the complexity of its 500 million lines of code and a rushed rollout that failed to properly test the website."
The Obamacare question: Can the website handle the volume?
"Luke Chung, president of Virginia-based software developer FMS Inc., told CNN that the administration's prediction that HealthCare.gov would work at 80 percent capacity was an impractical threshold in the software world. 'I don't know how to build something that's only 80 percent complete,' Chung told CNN. 'I don't even understand how that works.'"
Did Obama Order Official to Lie to Congress?In what may be the fastest discovery of someone perjuring themselves before Congress, Henry Chao, the Deputy CIO of the Department of Health and Human Services, apparently lied to Congress a couple of days ago when he said that the Anonymous Shopper feature of the Obamacare site was pulled because it “failed so miserably that we could not conscionably let people use it.” Just a day after Chao’s testimony CNN uncovered emails proving that his version of events was not accurate, and in fact was completely different from what he described.