Is it not possible that hackers could be disrupting ObamaCare computers just to make it difficult for folks to access it and sign up?
Is it beyond the realm of possibility?
The government has a long-standing tradition of having inadequate bandwidth and a user-hostile interface for anything that the public needs to access on-line. Additional hackers are not needed.
Nothing is beyond the realm of possibility, but the symptoms described by people having problems with the healthcare.gov site do not correlate to something like an intrusion or a DDoS attack. They do correlate to a poorly-designed, difficult-to-scale system which is falling apart under heavy load.
“Never ascribe to malice that which is adequately explained by incompetence.”
If there was a denial of service attack, it would just be down. They’d take it down and work on stopping the attack, then put it back up and people would be able to get their work done until there was maybe another attack.
Kind-of-sort-of-working and working slowly and sometimes not working…that’s more in line with poor infrastructure.
Then again it could be a very poor and small denial of service attack that’s not noticeable amongst all of the people trying to actually use it.
They hired professionals to design and implement the program instead of farming it out to a bunch of bored teenagers. That was mistake #1.
If I was trying to make the government look bad, that’s exactly how I’d do it.
I like that saying … the truth always wins in the end
There isn’t going to be a factual answer to this question until if/when it comes out in the news. But in my professional opinion I don’t think the system problems have been due to malicious hacking, they are simply problems an insufficient system has when it has tons of traffic directed at it. It’s like your web browser, open up 10 tabs and it runs ok, 100 tabs and it is slow, 1000 tabs and the computer may or may not even be responding.
However judging by the system performance so far and the unfinished snippets of code I’ve seen, I can’t see why the healthcare.gov system wouldn’t be quite a treasure trove for hackers to get names, addresses, social security numbers, etc for millions of Americans.
How long has this been going on? I’ve never heard of a significant DDoS that has lasted more than a few days.
We’ve been at this since 1973, and every summer we get inundated with people who argue that we’re being narrow-minded for not believing in ghosts, fairies, exorcism, trepanning, their particular deity, bigfoot, the loch ness monster, death by aspartame, a whole slew of alternative medicine crap, astral projection, dream prophesizing, and something about planes on treadmills. And who don’t have the vaguest clue how “evidence” works. The truth isn’t winning, it’s falling further and further behind every year.
That said, let me offer a small counter-point to the bashing on the ACA computer systems. I’ve worked in the computer industry for a long time, and there are basically two kinds of schedules for software delivery: ones defined by achieving quality gates, and ones defined by meeting a date. Ideally, all software would be the first kind: in almost thirty years of software development, I’ve never seen a software package produced to an externally-imposed deadline meet its quality bars at release. Unfortunately, things like holiday buying seasons or legislative deadlines often impose dates, nevertheless.
So I’m not surprised that the system has snags and scalability issues. Compare to Massively Multiplayer Online Games: they’ve been at this for two decades now, some companies on their third or fourth one, and every launch is still a debacle.
On the plus side, there’s nothing like having the public beating you up to enforce clarity and discipline of triage and fixing. Stabilization under fire is almost always faster than stabilization at leisure, albeit not as pleasant for the programmers. It’ll get fixed, and it’ll happen a lot faster than the “several months” people keep guessing at.
Probably the biggest risk of “hacking” is spoofing, which isn’t a true hack. Catch people before they even get to the health exchange website, make them think they are on it and capture data there. It could be for nefarious purposes like identity theft, or as a slightly shady business practice to grab some customers. Here’s a recent article about how Oregon regulators are looking closely at purposely confusing web site domains: Cover Oregon: Regulators work to eliminate confusion about health exchanges - oregonlive.com
I work in big league, high stakes IT too. People can make all the excuses they want but this was just a blown delivery pure and simple. It is true that most major systems implementations have some issues but it is rare to see one this big bungled this badly especially for the money spent. It reminds me of the Hershey foods implementation failure of their SAP system that brought the company to its knees listed as #1 on this list of the worst systems implementation failures. This one should be added to the list probably in the top 5 of all time.
I am usually the last person to say that systems implementations like this are simple (because they are not) but this one isn’t especially complex in today’s IT world. I could have designed most of the back end myself (literally) and done a much better job. The parameters are fairly easy to determine in advance as long as you have enough sense to accommodate the initial peak traffic.
You don’t have to invent anything new to make it work and work well. The software and hardware already exist at every level of the infrastructure needed. All you have to do is choose the correct combination for the traffic and configure it correctly to avoid the problems they are having now. The traffic that other consumer websites like Amazon get dwarfs the amount of traffic they are trying to receive. You might counter that Amazon has had time to build up their infrastructure and that might seem like a valid point until you realize they were able to process much more information than required here 15 years ago as well. That is an eon in technology terms. It is inexcusable that the government along with a very expensive consulting company couldn’t replicate something that ambitious start-ups have already done and largely perfected many times already years ago.
Some states are operating their own health exchanges, some do not. File:ACA health insurance exchanges by state.svg - Wikipedia
Would such a disjointed nature of the implementation protect Obamacare from denial of service attacks? Or is there a single Federally operated Obamacare “server[farm]”?
Hackers are, by and large, liberals (or even radical leftists). Have a look at Anonymous’ list of targets, or just think about the political views of the computer nerds you know. I would be rather surprised if they were attempting to take down Obamacare en masse.
Activist ones, yes, but they make up a very small percent of hackers. Most hackers these days are script kiddies (basically just bored vandals), criminals (who’d love to get access to the health, identity, and financial data moving through these sites) and foreign entities (don’t know if they’d care or not, but their motives are often similar to the criminals’).
Worth noting, perhaps, that as the problems with the system being overwhelmed are beginning to recede and more people are getting through the system, a whole new set of problems is beginning to emerge: the enrollment system is transmitting incomplete and inaccurate information to the insurance companies. This is beginning to overwhelm the insurance companies, who were counting on an automated process and now find themselves needing to follow up manually on enrollment information.
I’m not sure if these new problems are necessarily related to the original ones.
I had to take some annual computer security course for corporate. They mentioned that “organised crime” types (both foreign and domestic) are also getting into the identity theft arena, too.
I would say it’s related in the sense that they went live before the software was ready. And “ready” is a little ambiguous because there are always problems when going live with large projects, but this is well beyond normal for “go live” issues.
Those problems are almost certainly on the other end. Insurers and third party administrators all have their own electronic data interchange formats, and none of them are compatible with any of the others’. If it wasn’t for the fact that Medicaid and Medicare are the elephants in the room (i.e. account for a plurality of healthcare reimbursements) standardization wouldn’t exist at all.
There is a whole industry set up around making these competing proprietary data formats work together.