Obamacare Website Compromised; Security Issues Surface

Nov 21, 2013 By Sharon Solomon

The Obamacare website has now joined the ever-growing list of compromised portals. Reports of bad user-experience and rumors of security breaches have been making the rounds for weeks, but the newly launched national healthcare website (healthcare.gov) has now apparently fallen prey to a typical Cross-Site Scripting attack. 

Cross-Site Scripting attacks, also known as XSS attacks, are security breaches that involve the delivery of dangerous malware to users using JavaScript. The hacker can then manipulate user-settings, control accounts and launch false content. While these loopholes exist in virtually every platform, they can be detected with Source Code Analysis (SCA) tools.

Obamacare users recently noticed that the typing of characters such as semicolon (;), apostrophe (‘) and the less-than sign (<) in the Search Field brought up terms used in hacking methods such as XSS and SQL injection attacks. These findings, along with other search malfunctions, have made is safe to assume that the website has been compromised.

The House Science, Space and Technology committee assembled experts and professionals from the Internet Security industry, who painted a grim picture of the Obamacare website’s security status. The common message was that the website’s infrastructure was incapable of dealing with malware attacks, especially SQL injection attacks.

“I think there’s little to no monitoring. So they probably don’t even know if they’re getting hacked right now,” David Kennedy, CEO of information security firm TrustedSEC and a “white hat hacker” testified before the committee.

Kennedy went on to explain that most huge websites face over 30,000 different types of malware attacks per month. He estimated that the Obamacare website will be targeted on a constant basis and get extra attention from hackers in coming months. The cyber security expert was underwhelmed with the current security status of the website.

The United States Department of Health and Human Services (HHS) has officially taken responsibility for the uncompleted “back office systems” and internal engine. The website, which has to eventually serve millions of American citizens, will be a work in progress for weeks and maybe even months to come.

Read Source 1 – Obamacare Website Developers Rush To Fix Bug

Read Source 2 – Healthcare.gov Already Compromised

The following two tabs change content below.

Sharon Solomon

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.