Another hackers’ attack took place between 6th and 8th of November. President’s Healthcare.gov site been recording 16 attempts through its search box and representing the code as automatically completed options. Most of these options are harmless, but some of them determined as serious threat in future, preceding further “cross site scripting” flaw or XSS.
So far, federal services data hub that connects the Obamacare with databases at the Department of Homeland Security, Department of Defense, IRS, Office of Personnel Management, Peace Corps, Social Security Administration and Veterans Health Administration, it makes sense to expect new attacks succeeding which will let crackers reach great users’ database including personal information.
“Due to the fact there are consumers punching in personal identifying info that makes it a very attractive target.” A McAfee online security expert Robert Siciliano commented.
It’s hard to believe U.S. government sites might be intercepted so easily, hundreds of attempts occur daily. “Computer hacking can be an easy, efficient way of protesting”, experts add. It comes from the fact that the approximately 16 reported attacks on healthcare.gov is a surprisingly small number.
“The fact there was only 16 is surprising. Maybe those 16 are the documented ones,” experts said at a hearing of the House Homeland Security (HHS) Committee.
Meanwhile Assistant Secretary Roberta Stempfley told its members the attempts to knacker the site had failed, (the site was perfectly capable of taking itself down, as it turned out).
The report does say the number of attacks on the site is very low compared to other government targets. “At least one of the assaults involved a Distributed Denial of Service (DDoS) attack in which crackers strain database before it destroys its servers”, she added. Stempfley said the DDoS attack did not succeed.
Despite, hacking into U.S. government computers is not impossible. Among favorite hackers’ methods mentioned before cross-site scripting or XSS. It involves suggested site with harmful malicious data, providing further data bank manipulating. “Other forms of hacking, such as “drive-by downloading”, are much worse”, says Paul Delaup, Internet security consultant.
The HealthCare.gov attack suppresses public moods, delaying or even refraining people from applying for Obamacare. “I don’t trust it. I have no assurances that it’s secure. And, I can’t recommend it to anybody else,” South Carolina Attorney Tom Dougall commented on a recent site glitches.
“I would fault the people that created the system — the contractors who are paid to create a secure system, that created an unsecure system”. He added.
Meanwhile, a denial-of-service tool specifically designed to target the U.S. government’s healthcare enrollment marketplace was detected by Arbor Networks’ Security Engineering and Response Team (ASERT) researchers. “Of course, there’s no way of knowing who wrote and posted the tool, which has been mentioned on social media sites. It’s certainly possible that it’s the work of critics of President Obama’s healthcare legislation”, they have commented.
The “Destroy Obama Care” utility is designed to put a strain on the site by huge traffic flow, more than it can handle.
“ObamaCare is an affront to the Constitutional rights of the people,” the screenshot from the tool says.