Homeland Security Department official informed that Hackers are tried to hack more than a dozen cyber attacks against the Obamacare website. The officials said The attacks, which are under investigation, failed.
Authorities also are investigating a separate report of a tool designed to put heavy strain on HealthCare.gov through a so-called distributed denial of service. It does not appear to have been activated.
According to Acting Assistant Homeland Security Secretary Roberta Stempfley of the Office of Cybersecurity and Communications. They are informed that "We received about 16 reports from HHS that are under investigation and one open source report about a denial of service"
Stempfley testified at a hearing of the House Homeland Security Committee that the attempts were made between November 6 and November 8, but none were successful.
The DDOS program is called "Destroy Obama Care," was recently spotted on a "torrent" file sharing web page, and first reported last week on a blog by Arbor Networks, which said it found no evidence the program had actually been launched to attack the troubled federal portal for consumers to shop for health coverage.
"We have not monitored any attacks. We have not seen any sizable, or anything to believe that these problems are related to DDOS," said Dan Holden director of security research for Arbor Networks, adding "I don't believe that the problems with the site's availability is due to any kind of DDOS attack."
The Health and Human Services official Chief Information Officer Frank Baitman said his department had engaged an "ethical hacker" on staff to test the defenses of the health care site.The hacker discovered between seven and 10 items related to attempted security breaches which were disclosed in a report.
The House Homeland Security hearing database expert Luke Chang whose company did not work on HealthCare.gov, provided his technical assessment saying that the problem with the roll out of the website was far deeper than "too many users."
Chang said that in his estimation the skill set of the designers of the website were subpar adding that "when you have an environment where the developer can barely get the web site functional, security is way down on the list of things to take care of. Security has to be built-in at the very beginning not at the very end."
The Critical infrastructure protection specialist and CEO of Lunarline, Inc., Waylon Krush told the committee, "There's not a system out there that's perfect in nature, by any means, from a cybersecurity perspective."
Reference:
http://www.cnn.com
Authorities also are investigating a separate report of a tool designed to put heavy strain on HealthCare.gov through a so-called distributed denial of service. It does not appear to have been activated.According to Acting Assistant Homeland Security Secretary Roberta Stempfley of the Office of Cybersecurity and Communications. They are informed that "We received about 16 reports from HHS that are under investigation and one open source report about a denial of service"
Stempfley testified at a hearing of the House Homeland Security Committee that the attempts were made between November 6 and November 8, but none were successful.
The DDOS program is called "Destroy Obama Care," was recently spotted on a "torrent" file sharing web page, and first reported last week on a blog by Arbor Networks, which said it found no evidence the program had actually been launched to attack the troubled federal portal for consumers to shop for health coverage.
"We have not monitored any attacks. We have not seen any sizable, or anything to believe that these problems are related to DDOS," said Dan Holden director of security research for Arbor Networks, adding "I don't believe that the problems with the site's availability is due to any kind of DDOS attack."
The Health and Human Services official Chief Information Officer Frank Baitman said his department had engaged an "ethical hacker" on staff to test the defenses of the health care site.The hacker discovered between seven and 10 items related to attempted security breaches which were disclosed in a report.
The House Homeland Security hearing database expert Luke Chang whose company did not work on HealthCare.gov, provided his technical assessment saying that the problem with the roll out of the website was far deeper than "too many users."
Chang said that in his estimation the skill set of the designers of the website were subpar adding that "when you have an environment where the developer can barely get the web site functional, security is way down on the list of things to take care of. Security has to be built-in at the very beginning not at the very end."
The Critical infrastructure protection specialist and CEO of Lunarline, Inc., Waylon Krush told the committee, "There's not a system out there that's perfect in nature, by any means, from a cybersecurity perspective."
Reference:
http://www.cnn.com
No comments:
Post a Comment