Page 1 of 2 12 LastLast
Results 1 to 10 of 12
Like Tree6Likes

Thread: Fear that a former Soviet republic inserted malicious code in Obamacare site

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

  1. #1
    Super Moderator Newmexican's Avatar
    Join Date
    May 2005
    Location
    Heart of Dixie
    Posts
    36,012

    Fear that a former Soviet republic inserted malicious code in Obamacare site

    Fear that a former Soviet republic inserted malicious code in Obamacare site

    Checks of software urged for cybersecurity exploits

    By Bill Gertz - Washington Free Beacon
    Tuesday, February 4, 2014


    U.S. intelligence is urging the Obama administration to check its new health care computer network for malicious software after learning that developers linked to the Belarusian government helped produce the website, raising fresh concerns that private data posted by millions of Americans could be compromised.

    The intelligence agencies notified the Department of Health and Human Services, the agency in charge of the HealthCare.gov network, about their concerns last week. Specifically, officials warned that programmers in Belarus, a former Soviet republic closely allied with Russia, were suspected of inserting malicious code that could be used for cyberattacks, said U.S. officials familiar with concerns.

    The software on the website links the millions of Americans who signed up for Obamacare to the government and more than 300 medical institutions and health care providers.

    “The U.S. Affordable Care Act software was written in part in Belarus by software developers under state control, and that makes the software a potential target for cyberattacks,” one official explained, speaking only on the condition of anonymity.

    Cybersecurity officials said the concerns are compounded by an Internet data “hijacking” incident last year involving Belarusian state-controlled networks. The monthlong diversion covertly rerouted massive amounts of U.S. Internet traffic to Belarus — a repressive dictatorship country bordering Russia, Poland and Ukraine.

    “Belarusian President [Alexander] Lukashenko’s authoritarian regime is closely allied with Russia and is adversarial toward the United States,” the official said.

    The combination of the Belarus-origin software, the Internet rerouting and the anti-U.S. posture of the Belarusian government “makes the software written in Belarus a potential target of cyberattacks for identity theft and privacy violations” of Americans, the official said.U.S. officials were alerted to the Belarus angle last month when a top official in the country boasted on radio about his country’s role in programming the Obamacare website.

    Rep. Mike Rogers
    , Michigan Republican and chairman of the House Permanent Select Committee on Intelligence, said he was surprised by media reports from Belarus indicating that “some parts of HealthCare.gov or systems connected to it may have in fact been written overseas.” He called for an independent security review of the Obamacare website.

    Mr. Rogers said he was especially concerned by the potential software vulnerability because an official testified to Congress that all software work for the network had been performed in the United States.“We need an independent, thorough security evaluation of this site, and we need the commitment from the administration that the findings will be acknowledged and promptly addressed,” Mr. Rogerstold the Free Beacon.

    “I continue to call on HHS to shut down and properly stress test the site to ensure that consumers are protected from potential security risks from across the globe.”

    Security officials last week urged HHS to immediately conduct inspections of the network software for malicious code. The software is being used at all medical facilities and insurance companies in the United States.

    The officials also recommended that HHS use security specialists not related to software vendors for the inspections to reduce further risks.

    Officials disclosed the software compromise last week after the discovery in early January of statements by Belarusian official Valery Tsepkalo, director of the government-backed High-Technology Park in Minsk.

    Mr. Tsepkalo told a Russian radio station in an interview broadcast last summer that HHS is “one of our clients” and that “we are helping Obama complete his insurance reform.”

    “Our programmers wrote the program that appears on the monitors in all hospitals and all insurance companies — they will see the full profile of the given patient,” Mr. Tsepkalo said June 25 on Voice of Russia Radio.HHS spokeswoman Dori Salcido referred questions about the matter to Richard A. Olague, spokesman for the department’s Centers for Medicare and Medicaid Services. Mr. Olague declined to discuss the software vulnerability.

    He also would not say whether CMS was conducting a search for malicious software emanating fromBelarus.

    CMS said in a statement to the Washington Free Beacon that assessments by independent security contractors are conducted regularly by companies such as the Mitre Corp. and Blue Canopy Group LLC.The website also is continuously monitored by CMS technicians and electronic sensors, and weekly penetration tests check the security of the system, the agency said.

    A CMS security team in place also seeks to “identify anomalous activity, and to deter and prevent any unauthorized access,” the statement said.

    “In addition, as new website functions continue to go live, CMS follows a rigorous and regular change management process with ongoing testing and mitigation strategies implemented in real time,” the statement said. “This occurs on a regular basis, in between the [source code analysis] testing periods.”

    A spokeswoman for CGI Federal, the main federal contractor for the health care network, had no immediate comment.

    White House Press Secretary Jay Carney did not respond to an email asking whether President Obama was aware of the Belarusian software.

    White House National Security Council spokeswoman Caitlin Hayden said an intelligence report on the Belarusian link to the Obamacare software was “recalled by the intelligence community shortly after it was issued.”

    However, the reportprompted HHS to launch a security review to determine whether software related to the Affordable Care Act “was written by Belarusian software developers,” she said.

    “So far HHS has found no indications that any software was developed in Belarus,” Ms. Hayden said. “However, as a matter of due diligence, they will continue to review the supply chain. Supply chain risk is real and it is one of our top concerns in the area of cybersecurity.”

    A senior administration official questioned whether the suspect software described in the report would be valuable to a nation state.

    “Nation states are generally not interested in [personally identifiable information] for its own sake,” the official said. “Given that, we would be surprised to see a nation-state capability applied in this manner. But we are doing a thorough review anyway.”

    Disclosure of cyberattack vulnerabilities follows months of software problems with the HealthCare.gov rollout that began Oct. 1. The software cost the government more than $400 million. The governmentspent several months attempting to repair the software.

    The software problems prevented hundreds of thousands of people from obtaining health care coverage and undermined confidence in the government-run system.

    Mr. Obama said Sunday that “glitches” with the website were expected, but “I don’t think I anticipated or anybody anticipated the degree of the problems with the website.”

    “The good news is that right away we decided how we were going to fix it. It got fixed,” Mr. Obama said.

    The threat of data diversion is compounded by the discovery last year that Belarus covertly diverted massive amounts of U.S. Internet traffic to Belarus.According to the New Hampshire-based security firm Renesys, which discovered the data diversion, Internet traffic from the United States was sent to Belarus throughout February 2013. The purpose likely was to allow hackers or government agencies to sift through data for financial, economic or government intelligence.The data also may have been modified for other purposes before being returned to the original U.S. and other foreign destinations.The bulk diversion technique is called border gateway protocol hijacking. It involves using a series of network addresses to mask the data diversion through numerous Internet hubs around the world.

    Renesys traced the data diversion from Washington to New York and Moscow and finally to Minsk, the Belarusian capital. It was returned to the United States via connections in Moscow, Frankfurt and New York.

    http://www.washingtontimes.com/news/...=all#pagebreak

    Now, the contract has been awarded to Accenture - another outsourcing giant.

  2. #2
    Senior Member HAPPY2BME's Avatar
    Join Date
    Feb 2005
    Posts
    17,895


    Mr. Tsepkalo told a Russian radio station in an interview broadcast last summer that HHS is “one of our clients” and that “we are helping Obama complete his insurance reform.”

    Our programmers wrote the program that appears on the monitors in all hospitals and all insurance companies — they will see the full profile of the given patient,” Mr. Tsepkalo said June 25 on Voice of Russia Radio.HHS spokeswoman Dori Salcido referred questions about the matter to Richard A. Olague, spokesman for the department’s Centers for Medicare and Medicaid Services. Mr. Olague declined to discuss the software vulnerability.
    Join our FIGHT AGAINST illegal immigration & to secure US borders by joining our E-mail Alerts at http://eepurl.com/cktGTn

  3. #3
    Senior Member HAPPY2BME's Avatar
    Join Date
    Feb 2005
    Posts
    17,895
    Join our FIGHT AGAINST illegal immigration & to secure US borders by joining our E-mail Alerts at http://eepurl.com/cktGTn

  4. #4
    Senior Member HAPPY2BME's Avatar
    Join Date
    Feb 2005
    Posts
    17,895
    Cantor: House bill on ObamaCare identity theft notification is a 'no-brainer'

    House Majority Leader Rep. Eric Cantor told Fox News’ Megyn Kelly Thursday the House’s bill that would require the Obama administration to notify Americans within 48 hours if their identity is compromised via the ObamaCare website is a “no-brainer.”

    Cantor, R-Va., said on The Kelly File that many Americans are “legitimately” concerned with information and identity theft when sharing personal information online.

    “If there is any chance that one’s information and identity can be stolen or abused on the healthcare.gov website or in any way shape or form connected with the ObamaCare exchange then we should take the precautionary measures necessary,” Cantor said.

    Cantor also fought back at Democrats who have called the bill a political stunt, and have pointed to the fact that no one has yet had their identity stolen because they used the ObamaCare exchanges.

    Cantor said it is irresponsible for lawmakers to wait until someone does have their identity stolen to act, saying the notification procedure needs to be in place before it happens.

    “The government ought to be willing to just notify victims, that is all we are trying to do and asking the Democrats to set aside politics just this one time and let’s go about helping protect people in case their identity is stolen,” Cantor said.

    http://www.foxnews.com/politics/2014...is-no-brainer/
    Join our FIGHT AGAINST illegal immigration & to secure US borders by joining our E-mail Alerts at http://eepurl.com/cktGTn

  5. #5
    Super Moderator Newmexican's Avatar
    Join Date
    May 2005
    Location
    Heart of Dixie
    Posts
    36,012

  6. #6
    Senior Member HAPPY2BME's Avatar
    Join Date
    Feb 2005
    Posts
    17,895
    Join our FIGHT AGAINST illegal immigration & to secure US borders by joining our E-mail Alerts at http://eepurl.com/cktGTn

  7. #7
    Senior Member HAPPY2BME's Avatar
    Join Date
    Feb 2005
    Posts
    17,895
    Join our FIGHT AGAINST illegal immigration & to secure US borders by joining our E-mail Alerts at http://eepurl.com/cktGTn

  8. #8
    Senior Member AirborneSapper7's Avatar
    Join Date
    May 2007
    Location
    South West Florida (Behind friendly lines but still in Occupied Territory)
    Posts
    117,696
    Join our efforts to Secure America's Borders and End Illegal Immigration by Joining ALIPAC's E-Mail Alerts network (CLICK HERE)

  9. #9
    Senior Member AirborneSapper7's Avatar
    Join Date
    May 2007
    Location
    South West Florida (Behind friendly lines but still in Occupied Territory)
    Posts
    117,696
    Join our efforts to Secure America's Borders and End Illegal Immigration by Joining ALIPAC's E-Mail Alerts network (CLICK HERE)

  10. #10
    Senior Member AirborneSapper7's Avatar
    Join Date
    May 2007
    Location
    South West Florida (Behind friendly lines but still in Occupied Territory)
    Posts
    117,696
    ObamaCare: From Belarus with love, and maybe sabotage


    By: John Hayward
    2/4/2014 09:32 AM

    I’ve said it before, and I’ll say it again, because the government certainly isn’t going to issue this crucial warning: if you have used the ObamaCare website, you’re at risk of identity theft and hacker attack. Barack Obama didn’t just blow hundreds of millions of dollars building a monument to Big Government failure; he created a massive security vulnerability, not just for individuals but also for the U.S. government, since so many sensitive databases are plugged into the train-wreck Healthcare.gov site. Launching this site was one of the most irresponsible things an American president has ever done.

    Among the worst aspects of the ObamaCare security crisis is that the program’s administrators are not obliged to disclose hacking attacks to the public, and you may rest comfortably assured they will not, at least not until a breach grows so severe that it can’t possibly be concealed. The Obama Administration lies constantly and shamelessly about every aspect of ObamaCare. It’s not going to be unexpectedly candid about situations that could easily become public-relations nightmares which almost completely choke off the flow of Affordable Care Act applications, especially from tech-savvy young people. There are a trillion reasons for them to keep such problems hidden, and absolutely no incentive for transparency.

    The latest alarming news comes from Bill Gertz at the Washington Free Beacon, who delivers the latest snag in President Obama’s program to outsource as much big-ticket government work as possible to foreign companies, while simultaneously lecturing the American private sector on the urgent need to bring jobs home:
    U.S. intelligence agencies last week urged the Obama administration to check its new healthcare network for malicious software after learning that developers linked to the Belarus government helped produce the website, raising fresh concerns that private data posted by millions of Americans will be compromised.

    The intelligence agencies notified the Department of Health and Human Services, the agency in charge of the Healthcare.gov network, about their concerns last week. Specifically, officials warned that programmers in Belarus, a former Soviet republic closely allied with Russia, were suspected of inserting malicious code that could be used for cyber attacks, according to U.S. officials familiar with the concerns.
    ObamaCare is like something that would have been dreamed up for a sequel to “Dr. Strangelove.” The intelligence community seems to be at odds with the Department of Health and Human Services, which I’m sure we can all trust implicitly after its dazzling display of competence and sound management over the past four months:
    The report has prompted HHS to conduct a review to determine if software related to the Affordable Care Act “was written by Belarusian software developers,” she said.

    “So far HHS has found no indications that any software was developed in Belarus,” Hayden said. “However, as a matter of due diligence, they will continue to review the supply chain.

    Supply chain risk is real and it is one of our top concerns in the area of cyber-security.”

    A senior administration official questioned whether suspect software mentioned in the report would be valuable to a nation state.

    “Nation states are generally not interested in [personal identification information] for its own sake,” the official said. “Given that, we would be surprised to see a nation-state capability applied in this matter. But we are doing a thorough review anyway.”

    HSS spokeswoman Dori Salcido referred questions about the matter to Richard A. Olague, spokesman for the HHS’ Centers for Medicare and Medicaid Services (CMS). Olague declined to discuss the software vulnerability.

    He also would not say if CMS is conducting a search for malicious software emanating from Belarus.
    So some HHS officials assure us that a thorough review is under way, while others refuse to even discuss it. Swell. I’ll sleep better knowing the creators of a system that doesn’t even allow administrators to correct obvious errors are all over this. They can look for code from Belarus while they’re frantically working to patch in huge missing chunks of the system with only six weeks to go before the deadline that can’t be rescheduled. The guy who can’t understand why hackers would be interested in stealing personal information, or how hostile foreigners might be interested in using software bombs to crash a system that reaches into every corner of American medicine, doesn’t exactly fill me with confidence… especially since a large-scale hijack of U.S. internet traffic was pulled off from Belarus just last year.

    The intel community’s warning to CMS refers to statements made by a government technology minister from Belarus to Russian media, in which he claimed “our programmers wrote the program that appears on the monitors in all hospitals and all insurance companies – they will see the full profile of the given patient.” The official in question, Valery Tsepkalo, is not just some random goofball with delusions of grandeur; he’s a former ambassador to the United States with solid Russian connections.

    Evidently some folks in Congress saw that interview, too:
    House Permanent Select Committee on Intelligence Chairman Rep. Mike Rogers (R., Mich) said he was surprised by media reports from Belarus indicating “some parts of Healthcare.gov or systems connected to it may have in fact been written overseas.” He called for an independent security review of the Obamacare website.

    Rogers said he was especially concerned by the potential software vulnerability because a CGI executive, Vice President Cheryl Campbell, testified to Congress that all software work for the network had been done in the United States.

    “We need an independent, thorough security evaluation of this site, and we need the commitment from the administration that the findings will be acknowledged and promptly addressed,” Rogers told the Free Beacon.

    “I continue to call on HHS to shut down and properly stress test the site to ensure that consumers are protected from potential security risks from across the globe.”
    Fat chance. The “white hat” hackers who warned about Healthcare.gov’s ridiculous level of vulnerability in November returned to Congress a couple of weeks ago and said the problems are only getting worse, and they personally wouldn’t trust the site with their personal data. But nobody’s going to slam on the brakes now. They won’t do anything that would generate bad press and make ObamaCare even less appealing than it already is, or reduce the public’s already badly shaken faith in the Administration by bringing in third-party auditors who might find all sorts of embarrassing problems. The Obama Administration has been rolling the dice with your health care ever since the early days of this misbegotten scheme. They’ve crapped out a dozen times already. They’re not going to do anything except double down and roll again.

    http://www.humanevents.com/2014/02/0...aybe-sabotage/
    Join our efforts to Secure America's Borders and End Illegal Immigration by Joining ALIPAC's E-Mail Alerts network (CLICK HERE)

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •