In Clifford Stoll’s book, “The Cuckoo’s Egg,” Stoll tells of his cyber-manhunt to find a hacker of government computers several years before the World Wide Web. Hopefully, the government has learned a few things about cyber-security since then: Stoll mentioned that the hacker accessed classified information using factory-default passwords and even at times through “low-privileged” guest accounts. For those unlearned in computer security, this makes a computer about as secure as a house with its front door hanging open. At that point, be a good host and just leave the family credit card on the table for the uninvited houseguests.

With the introduction of the Obamacare data hub, 27 years after Stoll’s manhunt, the government had better start building an impenetrable stone wall around its citizens’ data. Without proper security measures, sensitive data can land in the hands of an imposter and bring about a tempest of financial peril. The average cost of a compromised identity runs about $5,000, and around 10 million Americans already pay that cost every year.

The stone wall has not been built yet, unfortunately. The current implementation of the Obamacare website doesn’t even employ some of the most basic security measures. The website allows “all-access requests for other sites,” which could end up in an all-access request from a website of unscrupulous origin. The site also doesn’t prevent access to browser cookies, allowing an attacker to get financial and marital status information if the user has cookies enabled. Moreover, the site doesn’t even prevent automated login attacks by requiring a photo captcha after login to verify that the user is human. Without such basic security measures, hackers can attack the system until they exploit its vulnerabilities and obtain what they want: someone’s identity.

Easy access to highly sensitive information may be the quality of security expected from the public sector, but it is certainly not the quality that the American people need to keep their identities secure. Although Obamacare has the noble aspiration of bringing healthcare to the nation’s most vulnerable citizens, its supporters had better look past its politics and take its technical challenges more seriously. When the Obamacare data hub becomes fully functional, so will thousands of identity thieves trying to extract its data. At this point, there would not be enough Clifford Stolls in the world to stop them.

You are right... I sure hope the government has learned how to secure systems better since 1986. The whole Edward Snowden case suggests they haven't quite figured it out. If a system admin can run away with hundreds of classified documents, who else has the info?