General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsRight wing cyber attacks on Healthcare.gov website confirmed
http://www.examiner.com/article/right-wing-cyber-attacks-on-healthcare-gov-website-confirmed
Yesterday, the House Homeland Security Committee published a video on their Youtube page highlighting a portion of the committee questioning Roberta Stempfley, acting assistant secretary of the Department of Homeland Securitys Office of Cyber-security and Communications, who confirmed at least 16 attacks on the Affordable Care Acts portal Healthcare.gov website in 2013.
Roberta Stempfley highlighted one successful attack that is designed to deny access to the website called a Distributed Denial of Service (DDoS) attack. A DDoS attack is designed to make a network unavailable to intended users, generally through a concerted effort to disrupt service such as repeatedly accessing the servers, saturating them with more traffic than the website is designed to handle.
Right wingers have been distributing the link to the necessary tools to perform the attacks on the Healthcare.gov website through social networking, as pointed out by Information Week, and other websites .
The name of the attack tool is called, "Destroy Obama Care!"
JesterCS
(1,827 posts)they track down every one and charge them with cyber-terrorism. Why can't people be nice?
LuvNewcastle
(16,856 posts)Trying to shut down a government website so people can't buy the insurance they need and that the government requires isn't civil disobedience, it's terrorism. I'm really sick of these RW terrorists being allowed to pull shit and not suffer any consequences. If leftists had done something like this while Bush was in office, they would be getting waterboarded right now. Obama wouldn't put up with it either. When RWers do it, the government acts like it's a damned fraternity prank.
RKP5637
(67,112 posts)those distributing the link are inciting terrorism. The whole pack of them should be charged and prosecuted. The US worries about outsiders disrupting the country ... hell, I think we've got our fair share right in the borders trying to inflict pain and suffering on many in the populace. Exactly as you said! "When RWers do it, the government acts like it's a damned fraternity prank."
rurallib
(62,448 posts)it could end up in much worse illnesses or other untreated problems.
So it does have that component of violence of a sort.
RKP5637
(67,112 posts)psychological. And for some, it could well end in death because of denial of medical care.
Maedhros
(10,007 posts)We can't follow the right-wing lead and start calling every criminal act "terrorism" just because it makes our political opponents look bad. The term "terrorism" is so vaguely defined that it is effectively meaningless.
The fact that invoking the magical word "terrorism" automatically allows law enforcement to ignore the Constitution underscores the need to refrain from using the term to describe crimes of other types. This is a DDOS attack, an incredibly common type of Internet crime.
RKP5637
(67,112 posts)agent46
(1,262 posts)Rockyj
(538 posts)for DOS attack on Scientology's web site: http://www.theregister.co.uk/Print/2008/10/17/scientology_ddos_guilty_plea/
This was a kid who was threatened prison for up to 10 years!
These are grown adults (well physically maybe not mentally) but the F.B.I. needs to be on them!
How about a petition encouraging their arrests?
elehhhhna
(32,076 posts)for saying the above much better than I could.
Belated WELCOME to DU!
toddwv
(2,830 posts)Let's stop using the term "terrorism" so loosely that it is applied by both sides to anything they don't like.
A DDOS is a crime and is likely a federal crime. Anyone want to bet that Issa doesn't bother launching an investigation over this?
Rosa Luxemburg
(28,627 posts)after all they can see where others can't
stlsaxman
(9,236 posts)"Trying to shut down a government website..."
Wait- if someone tries to shut down ANY other federal website- that's a felony, right?
sulphurdunn
(6,891 posts)never being charged with terrorism.
KittyWampus
(55,894 posts)ffr
(22,671 posts)It's about the money. And they have a financial interest in keeping America from improving. Oppressing those without political connections and maintaining GOP power is their goal.
This is why we need to register voters and get them to the polls EVERY election with one key idea in mind: NO MORE REPUBLICANS. NMR for short. Once they're gone from positions of political power, things like this will fade from view.
Spitfire of ATJ
(32,723 posts)Republicans did this:
Never forget who we are dealing with.
Response to eridani (Original post)
Post removed
eridani
(51,907 posts)LuvNewcastle
(16,856 posts)health insurance for the first time in their lives. It's got a lot of problems that need to be sorted out, and it's not nearly as good as Medicare, but it's a start. Give them some more time to make it better.
We do need to keep up pressure to get universal Medicare or something like it, and we need to make valid criticisms of the ACA so they'll get busy fixing it, but let's not toss the whole thing. If we lose it, we might never see any sort of health care reform in this country. You won't get lawmakers to stick their necks out again if the ACA is repealed.
Half-Century Man
(5,279 posts)One aspect of the ACA, the website wasn't as ready as it could/should have been. "X" amount of the problems with the website were caused by outside vested interests opposing successful implementation. One of the contractors involved seems to have had a severe conflict of interest.
Insurance companies who sold inadequate predatory policies in the past, blamed the government to camouflage their previously barely legal consumer fraud. The actual guilt of the government in this issue lays in the past, the reduction or non-existance of proper regulation of medical is the real issue.
LuvNewcastle
(16,856 posts)What I mean is that it's kind of a mess right now. There are some things about it that need fixing. I look at it as sort of a work in progress with the ultimate goal being something like a universal single-payer system. We'll have it eventually, and it'll be as popular as Medicare is now. In fact, it might even be combined with Medicare. They just didn't have the votes needed to pass what we needed all at once, but it will be done gradually, I'm pretty sure.
Half-Century Man
(5,279 posts)the MSM has been programing to word into the conversation.
Scuba
(53,475 posts)LuvNewcastle
(16,856 posts)MannyGoldstein
(34,589 posts)We'll apologize.
gulliver
(13,193 posts)Getting easier and easier to do just that.
seveneyes
(4,631 posts)It takes time for the FBI to get subpenas for ISPs to release the IP owners that run the scripts.
annabanana
(52,791 posts)B) Is it prosecutable?
This kind of attack can be classified as an attack on National Security, surely.
Is it OUR turn to exercise the Patriot Act?
jtuck004
(15,882 posts)the government network folks. The "attack" likely never made it to the site, since any such attack would simply be re-routed and/or dropped.
Still, the very act of trying is a federal offense, so we will see what happens.
Coyotl
(15,262 posts)The site log files will indicate every request it receives, timed to the hundredth of a second, IP of the requesting computer, etc. This is easy to prosecute if you follow the evidence.
PoliticAverse
(26,366 posts)to trace and prosecute.
http://en.wikipedia.org/wiki/Distributed_denial-of-service_attack#Distributed_attack
jtuck004
(15,882 posts)year on military and government sites across the country and around the world, because there is a network in front of them that prevents it. You would be correct if they had hosted this in someone's garage connected to their cable network, but I bet it's just like all the other serious networks in Federal facilities, which sit behind hardware and software run by rooms of people across the nation and around the world which protect them.
Malicious packets are routed away and dropped, and the sites go on. Else all the sites run by the government would be down on a continual basis. Perfect, no, but the crap in that article is nothing but shiny stuff to dangle in front of people who don't know better. Like getting one's news from the tabloid section of the supermarket.
You are correct about the log files, but those are not at the server, they are at switches and routers and in programs removed (logically) from the sites, behind doors protected by a lot of security. You must have higher clearance than most people to even get in the rooms. And the traffic must go through their control to get anywhere on a government computer behind that network.
Attacks on government computers are constant, 365 days a year, much of it international. If there wasn't security and an infrastructure to handle this the entire government would be unable to operate, whether military or civilian. And those log files you talk about show exactly that.
In our own private world we were dealing with DOS attacks back in the 90's, so this really isn't anything new. And the people being described in that article don't have enough sophistication to have done even those attacks, much less get through today's security.
Coyotl
(15,262 posts)and the system is confronted with the requests that are sent to it.
jtuck004
(15,882 posts)website, they are directed at the IP address the DNS directs them to, and that's not the web server, not directly. This is just one of many ways it could be done, but, for example:
Notice how "Web Instances" are on a private subnet? The traffic to them comes from the Internet, hits a load balancer then routers and proxy servers - and HAS to be routed onto their network, which is otherwise unreachable. No one that is competent is going to allow such a juvenile attempt at creating attack traffic onto the network. And the people caring for government computers are some of the most competent in the world.
But they aren't the ones who managed the creation of the web site.
Unless someone who couldn't even buy a clue set this up, (which is possible, I suppose, but I doubt it) that IP address points to an interface on a separate network. The traffic, IF you decide to let it through, is then routed onto a virtual network where the actual web site resides. It NEVER, EVER gets directly to the interface of the server, which likely only exists in software anyway.
So the whole idea that a bunch of bubbas can run a kiddie script and have any effect on this at all is more like a fairy tale.
But if you want to think otherwise, that's your option, of course. cya.
Coyotl
(15,262 posts)Yes, there is a DNS server too, of course. My domain is served on the web by a web server hosting my files. That is how web pages are relayed to those requesting them. I've taught this basic CIS literacy at the college level.
Clients request files and servers respond by delivering the requested files. The DoS attacking software requests file after file, constantly switching the request, attempting to overload the server and interfere with response performance.
jtuck004
(15,882 posts)preventing, successfully, attacks that go on all day long on government servers, in exactly the manner I described. And as soon as it is detected, the packets are diverted or dropped, end of story. But that is only one of hundreds of different attacks that are seen every day.
You might want to spend a little time reading up on how this is done in 2013, however. Because that traffic only gets to the server if it is allowed. Well, except maybe at your junior college.
Then again, you are teaching, not doing, so perhaps that's not as necessary.
Enjoy the echo.
Coyotl
(15,262 posts)Like I said, that's how it is. Get used to it.
A million security people cannot stop the file requests from coming down the series of tubes to the server in question.
defacto7
(13,485 posts)hits from injection attacks per day, about the same every few days from brute force attacks and several DoS attacks every once in a while... and that's just on one mail server alone. They barely make a dent. I've never had to shut down or have the services reset. Who ever tries to hit has .5 second to do their best before the IP they're using is blocked at the route for several hours. 99.99 percent of the time, the IPs are false so there is no tracking them. If the same IP attacks again after unblock, they go strait to the iptables for a month. Rarely does an IP get logged 5 times within half a second before they are blocked.
I'm sure the site was hit hard and the load is way over mine but I would imagine they would have many routes to redirect traffic. The attacks shouldn't happen but I'm not sure that would be an excuse for Internet problems.
jtuck004
(15,882 posts)want to, apparently, understand that what is being reported only ranges between trivial and nonsensical.
And if there really was a serious attack from domestic sources that really did anything there would be people with guns responding to inform them of the finer points of the law. But most have so little effect that it doesn't even warrant spending the gas to go to their house.
Did you see the Dilbert cartoon of a few weeks ago?
http://dilbert.com/strips/comic/2013-10-02/ <-- Like many others, I've lived through that, so this is eerily familiar.
The problem is the site design and the lack of preparation and testing, which means it is no different from most poorly implemented sites in the private sector. The tragedy is that it is so important to people's lives, and visible, and wasn't given the attention and seriousness it deserved. And now millions of people get to pay the price. And that's on the project managers and their bosses.
And if people will quit wanting to be lied to, it will get fixed faster.
defacto7
(13,485 posts)Most average computer users have the unrealistic notion that computers are magic and should work just "because". They don't know the serious technical nature of the beast, the difference between hardware, software, networking and all the totally different languages they speak or can speak, and how that has to be choreographed with data from thousands even millions of different sources... THEN translated into a form that they, Mr. and Mrs. John Q. Public, can make common sense of. The people who do know or have at least the impression of the complexity are on three sides: those who are able and are trying to make the system work, those who are patient because they understand, and those who use the ignorance of the public to undermine the process for political gain. Which one do you think has the easiest job?
People have no idea what the system is made of. They play their "angly birds", write their email and do Facebook trusting that the system and it's lords will make it work.... and that is a very dangerous.
Education is sorely lacking. Lackadaisical attitude and childish demand are legion.
(Sorry for the goofy language. I write that way when I get pissed)
jtuck004
(15,882 posts)"I write that way when I get pissed" - me too .
I try not to, but geez.
dreamnightwind
(4,775 posts)"Malicious packets are routed away and dropped"
Seems to me a well-executed distributed DDOS attack could be indistinguishable from legitimate page requests. Coming from different IP's, probably requesting different pages too, if well-written. How would such page requests be identified as malicious? I'm not attacking you, but as far as I can tell you haven't explained this, and without it, the rest of your argument is meaningless.
jtuck004
(15,882 posts)So we will keep it simple...
Because a legitimate request is just that - a tcp/ip request, a syn flag that starts the conversation. What is the problem with that? Do you think there is some evil magic smoke in there that's going to dust the software? Understand - that packet is 1s and 0s in a predetermined sequence as prescribed by RFCs. If if varies, it is detectable. When it isn't detected, that is a failure of a human to do their job, or something that hasn't been discovered yet (which happens, but just because it is discovered doesn't mean it was tried or successful). It's not magic.
Also know that there's probably not a single machine under that single server - it's all virtual, created in software, like the other 50 servers on that box, all running under (over) a main server that actually is on the hardware, right? And the whole network they are on doesn't exist except in software. And ALL of that exists behind management and routing hardware and software which takes care of all the packet checking, etc, before it even considers sending on to the virtual network. And ALL of it exists separately and apart from the Internet.
So when that hardware, or software, or management system, or whatever, gets what appears to be a properly formed packet, it opens a session, it gets a packet with a SYN flag but the sender address is forged (one type of DDOS attack), followed by many, many more. The server tries to answer the first few, but there is no answer, and it waits...but as soon as the security software senses the delay it starts looking for just such an attack, (it really is old school, but still used) and routes those packets off the network so they never get to the server. The impact is trivial, and likely has already been addressed by the time you quit thinking about what you were going to have for dinner and realized there was a problem (assuming you are sitting at the console). The job for humans comes after, in documenting, collecting evidence, etc.
So then it gets a packet, opens a session, gets a packet with a SYN flag, but something is different, it's legitimate, and is forwarded to the the server. It establishes it's handshake and serves up the page. Woohoo, Houston, we are ready for launch, And here comes a few hundred more, and then a few thousand.
On a properly designed web site that just means new machines (remember, they are all software), so they start "spinning up" to handle the demand of legitimate requests. And when the requests drop off, so do the machines.
I was just listening to a webcast where they described one of the Amazon services as accepting 14,000 i/o requests a second. How fast you think bubba can send his ddos attack? Think he or she has control of 14,000 machines? Doubt it, but just for arguments sake, let's say yes. Okay, there goes 3-4 seconds. What's next? And if some moron tries to send 14,000 requests from one machine, how many seconds do you think it will be until we figure it out? 2? 3?. The lines on the detection system monitor will be bright red by the time you can look up from your comic book.
If, as you said, it is "indistinguishable from legitimate page requests" then it IS a legitimate request. If it is an attack, it will be formed differently - some 1s and 0s will be in places they should not be - and that is detectable. If the source is forged, the detection will be that there are too many unanswered tcp handshakes, and the response will be appropriate. WHAT they are attacking may change, as new vulnerabilities are seen all the time as new software appears, but in a well-designed system at the level of the government, with thousands of some of the best security people in the world at the controls and gates, the odds of such an attack even getting to it's target is quite small, and actually causing a disruption even less so.
We are really, really good at this as a country. On your WIndows box, or even Linux or Mac, it's simply a different world. At your local ISP, unless it is in a really big data center like IBM's, or maybe RackSpace, or AWS, the odds are somewhere in between. Game players face this problem, because the servers that provide their service are not protected as well, so such an attack (as well as others) has more chance of succeeding. Amazon Web Services is an even higher level, but the use a shared security responsibility model, so you can actually put up a server that has a security issue which it is your responsibility to take care of - and if you don't, it could cost you, and potentially others.
In a government site the entire network is behind a classified network that allows packets onto it, and the technology that protects it is truly amazing. The odds of any such event happening are pretty small, and the silly, amateurish actions being described in the article above are almost trivial compared to what they face every day - say from a few million IP addresses in China used by computer scientists being paid by ??? to get what they can. Or a dedicated radical (not necessarily out of the country) out to kill as many as possible with software placed in a strategic area.
How healthcare.gov is set up is anyone's guess, but why would they leave it open to attacks that we prevent on a daily basis? The simple answer without other evidence to the contrary: it's not. The problems with the site are how it was designed and implemented, and lay at the feet of the project management and who they work for.
Which is why they brought in more help, like the guy who contributed to Obama's campaign. It's the design of the site, not jim bob renaming some worthless piece of crap script just so he can get a bunch of unformed people jumping up and down like meerkats with seizures.
Go read some man pages on TCP/IP, some sites about tcpdump and attacks - hell, just google it and you will see how humorous all this really is.
defacto7
(13,485 posts)I wish I had written that!
Anyway, The implementation of the site was too quick, too untested and constantly being thwarted... not by Internet attacks but by human ones making demands on project management that were out of order and unreasonable, some of which were by insurance companies (who were very careful) and the worst of which were by red state and federal politicians who wanted to trip up the systems implementation. There is a lot of blame to go around under the magnitude of the project and because of over zealous demands. Simply... it needed more time; no one had it and no one would give it.
dreamnightwind
(4,775 posts)I have not been claiming a DDOS attack was responsible for the ACA website problems, I just didn't understand your statements about how it could not be, or how unlikely that is.
I'm a programmer, not a network protocol person at all, so I know something about this stuff, but only at a pretty superficial level.
"If, as you said, it is "indistinguishable from legitimate page requests" then it IS a legitimate request. If it is an attack, it will be formed differently - some 1s and 0s will be in places they should not be - and that is detectable. If the source is forged, the detection will be that there are too many unanswered tcp handshakes, and the response will be appropriate. "
I get that a forged IP would lead to handshakes not completing. I don't get the first part, that the page requests from multiple hacked machines (or a large network of attackers, which seems less likely to me, though possible if it's a RW orchestrated attack) would be formed differently. I agree that it would take a lot of machines to make much of an impact.
I don't have to understand this, probably shouldn't have waded in, but if it wasn't clear to me it probably wasn't clear to a lot of people.
jtuck004
(15,882 posts)everything to find excuses for this instead of looking at where the real issue is and getting it fixed. Excuses don't fix anything. You had a legitimate question and I shouldn't get so snippy.
What I meant to say in my inept writing is that thousands upon thousands of legitimate requests (from the computer's point of view) could do a similar thing, take up system resources which would deny those services to others if the systems are not designed well (and that sure appears to be the case). But that's a a design problem, not having systems that should be able to handle the load - because that WAS the predicted legitimate load, if several million people were expected to sign up. It should have been designed to handle that with room to spare. It would likely take hundreds of thousands to make a real difference, and even then it should at most slow, not disable the site. Repeated IP addresses would have been flagged fairly quickly, and they probably don't control enough machines to really make a dent anyway. And just because they found a script that someone named "take down the site" doesn't say it was used, or effective, or anything else. There was a lot of inference in that story, not much of anything substantial. I could name my dog "flew to the moon", but it doesn't mean he did it. Sounds more like people trying to offer up excuses, in the hopes that something will divert attention from the real issue.
But what seems to be missing is the idea that the sites sit behind a network of really good security people that would nip that in the bud so fast it would make a person's head spin. So a lot of this speculation ignores reality.
I'm a sysadmin type - I admire the work most programmers do, but I never had the patience to argue for hours about the most elegant way to create a method, ya' know? I'm expected to get things working and keep them that way, not make excuses, and I have a hundred other fires to put out after the one I'm currently working on. So I have to cut to the problem, figure out WHY it's a problem, do my best to understand the why of the engineering, and make a good, solid fix across lots of different systems. It may not be elegant, but it works. I'm not always right, but I'm good at what I do and I'm right most of the time. I am always fixing things for people who get in their own way by insisting on creating demons that don't exist, or looking for things that "should be". They need to focus on "what is", and it is just hard for them to do.
This was/is a really important program, but I think inept management at several levels left us with a pile of crap, not realizing the work that needed to be done while either patting themselves on the back for doing a good job or thinking that they could shove the responsibility off on someone else. (And having worked on government projects that's not unusual. I can certainly picture that happening in D.C.). There were pressures from outside, but that doesn't really excuse this, and it doesn't get it fixed. The sooner people quit letting all the ancillary stuff that has little or nothing to do with it get in the way the sooner a solution will begin to emerge.
I was reading about it in the NY TImes. Some of the folks working on it said there were a few more people, but not much had changed, except that there were a "lot more suits walking around" (most of whom are probably not useful). A computer scientist commented on what it was going to take to fix it, and noting all the new experts that had been called in, said something to the effect of "Just because you get 9 women together doesn't mean you can have a baby in a month". And now we are hearing lengthening promises of when it will be ready. So we will see...
I'm seriously wondering if there are parts of this that were never really tested or working, just because the project managers never fully developed the requirements and outcomes. Wouldn't surprise me.
dreamnightwind
(4,775 posts)A lot more suits walking around sounds like a recipe for a bad environment. It would be one of my worst programming nightmares to work on a high-profile project such as this, have the roll-out fail, and have management escalating to get an expedited fix by adding a bunch of people to the team who haven't been there from the start. The 9 women quote is a great way to say exactly that. It might end up helping but you can bet it's a terrible mess as far as working as a team in a reasonable way.
I haven't gotten into this issue too much so I don't know where the fault lies. It's often impossible to tell from the outside anyway.
rhett o rick
(55,981 posts)PoliticAverse
(26,366 posts)the responsibility of Obama appointee Eric Holder.
rhett o rick
(55,981 posts)I dont think it was coincidence that the spy agencies remained unchanged after Obama became president. The President should fire Gen Clapper but he hasnt. I dont think he can.
Coyotl
(15,262 posts)People have power because they are the ultimate actors. And yes, someone gets to be the big boss. And yes, that's the President.
Berlum
(7,044 posts)As usual.
hue
(4,949 posts)jtuck004
(15,882 posts)today without it being immediately scanned and/or attacked. What is in that article is a very minimal portion of what goes on out there every single day, and any site not designed to account for it would have to be running on a site like "JImmy Joe's Web Hosting and Bait Sales", or at least by people completely ignorant of computer work in this decade. The stuff above is mostly for show, busy work for politicians and others who know nothing about how things really work. The odds that it has any effect on the site at all is probably nill. (Just FYI, there is a whole secret network, classified, behind doors you will never see behind, run by the military, that routes the government stuff, staffed by some of the best network security folks in the world, and they are VERY, VERY good at what they do. The people discussed in this article would have no chance of having the slightest impact on the network they protect, one which is hit by hundreds of attacks from sophisticated, intelligent criminals and curiosity seekers EVERY DAY.) In other words the coverage in the article is mostly sensationalist b.s. Those packets would have been dropped before they ever got there, because it would not have been left up to the project managers responsible for this screwed up implementation. And if they aren't protecting this one, one would have to ask why not?).
Note that any computer on the will see a scan, likely in less than a minute from the time they first hook to the Internet. Leave it on unprotected a few hours and it is almost certain that, if it is a Windows machine, it will be not only compromised but probably used to take part in attacks on others. (Not something you want to test without experience and precautions, btw. Because YOU might be held liable for putting an unprotected machine out there). The majority of the attacks come from overseas, a bit from inside the country. Anyone stupid enough to pick up these alleged tools and run them probably doesn't have the sophistication to realize they are committing a Federal offense, and nowhere near the knowledge to hide their attack, so they might as well put a big sign on their door saying "come arrest me, I'm a big dumbass".
Second, the site is a big pile of steaming shit, so what's the point? It doesn't work without their "attacks", laughable as they are, so why risk committing Federal crimes?
Third, unless things change, it appears that 5 times as many people who were previously uninsurable or are elderly are signing up, and unless that trend undergoes a real and sudden reversal, we should remember that the rates are based on a completely opposite prediction of many more younger, healthier people paying in. If this group, which happens to be suffering from some real unemployment issues - among others at the moment - doesn't jump up and start signing up in droves by the deadline, (which may happen, sure, but the preliminary numbers say it hasn't so far) then those who have already signed up will find their premiums increasing, perhaps a lot. (This possibility was foreseen, which is why there is no upper cap on premiums, just a 10% cap on the amount they can be raised in a year without asking permission. Then again, who is going to deny them permission when they say they will have to close their doors and go bankrupt because the costs are too high?)
If that happens it might just might push us into Medicare for all. With any luck.
RKP5637
(67,112 posts)B Calm
(28,762 posts)JackInGreen
(2,975 posts)I'll be keeping my eyes out, anyone know where to report anything like this if we encounter someone distributing it or it's like on the net?
Buns_of_Fire
(17,194 posts)vt_native
(484 posts)like with Aaron Schwartz.
truebluegreen
(9,033 posts)mac56
(17,574 posts)and they know it.
malaise
(269,157 posts)Treason and Sedition are taking place and no one is being punished.
PasadenaTrudy
(3,998 posts)Puzzledtraveller
(5,937 posts)Surely they already know who was doing this and has the goods on them packed up and ready to go to trial.
KrazyinKS
(291 posts)in any way possible. There are some pretty good computer geeks out there that could probably hack the site successfully. Second the insurance plans that were being canceled will probably have to raise their premiums because now when someone gets sick, the companies can no longer cancel their policies. Third, there was a story just this morning on Yahoo about young people staying put, meaning they are staying at home, not buying houses and moving. Because they can not get well paying jobs and are underemployed and broke. I am a big fan of heal care reform. This is an uphill battle and we can not afford to throw up our hands and quit.
RitchieRich
(292 posts)when I shared this on Facebook I made a point of posting the Fox"news" version as a comment below it, so all my intentionally acquired right "friends" would have to take it seriously. It made for an interesting result, seeing the two next to each other.
http://nation.foxnews.com/2013/11/13/attempted-cyber-attack-healthcaregov-confirmed
HooptieWagon
(17,064 posts)and yet tolerate the joke of a website that is FR?
KittyWampus
(55,894 posts)HooptieWagon
(17,064 posts)A couple of visits...damned difficult to follow the threads and make out who responses were directed at. No organization, so navigating to look for specific topics was impossible. It just looks like a whole bunch of random drunken rants.
truebluegreen
(9,033 posts)libtodeath
(2,888 posts)Kingofalldems
(38,475 posts)RKP5637
(67,112 posts)typing away. We put up with way too F'en much from these assholes.
rhett o rick
(55,981 posts)City Lights
(25,171 posts)RKP5637
(67,112 posts)City Lights
(25,171 posts)B2G
(9,766 posts)You would think he would be shouting it from the rooftops rather than eating all of the blame.
Weird.
PasadenaTrudy
(3,998 posts)Really hoping more will be revealed on this.
PoliticAverse
(26,366 posts)BumRushDaShow
(129,442 posts)and just about every public-facing government system gets jacked at one time or other.
I.e., people (including the media) focus too much on whining about problems and less on finding solutions. This is why the President is saying "yes there are a multitude of issues but here is what we are doing to address them" and then you move on.
deutsey
(20,166 posts)I'll be interested in learning whether the people who worked on the site had anticipated such politically motivated attacks and tried to guard against them.
uponit7771
(90,364 posts)proud patriot
(100,715 posts)movonne
(9,623 posts)act...
spanone
(135,873 posts)yea, sure...
GoCubsGo
(32,088 posts)I also won't be surprised when this information doesn't make the MSM tonight or any other time.
Whisp
(24,096 posts)this sounds like one of those crazy conspiracy theories! things like that don't Really happen!
albino65
(484 posts)My post of October 24:
I know there are a lot of problems with the ACA website, but I am not sure you can count out a coordinated DOS attack by right wing nut jobs. We already know that they use bots and trolls to disrupt discourse on many news forums. I'm also sure that a large number of people were just there "kicking tires " rather than actively seeking health insurance. Also, some of the contractors may not have been giving their best in the run up to roll out due to being disheartened by the controversy and obstructionism by the GOP. If they thought that it was likely that the ACA would fail to launch, they may have seen little prospect in their work. We need to take the example of Kentucky and press our state lawmakers to institute state exchanges. No matter, the media grabs hold of the failures and never the successes.
Xithras
(16,191 posts)DDOS attacks are only effective against small-scale web services and enterprise services that have failed to implement modern security architectures. If the government were to try and blame it on hackers, they'd have to admit that the new website was implemented using a model at least a decade out of date.
A modern, scalable, distributed web architecture is effectively DDOS proof. Heck, HHS could have parked the site behind Cloudflare's distributed network and made it DDOS proof for only a few thousand dollars a month, even WITH an outdated single datacenter web server model. The fact that it was vulnerable to this kind of attack isn't a great sign, and I doubt that the government really wants us web security types pointing that out.
It would be like saying "Yes, we knew that there were burglars in the neighborhood, and that they hated us, and we left the doors unlocked anyway...but it's not our fault we got robbed!"
DonCoquixote
(13,616 posts)I do hope that these guys can get attacked with the same feroicty snowden was.
DissidentVoice
(813 posts)The far right has already demonstrated they will do anything in their power (Constitutional, legal or not) to block anything they don't like - by extension, anything President Barack H. Obama has done or will do.
They didn't like "Obamacare"...so they played chicken with a government shutdown.
They still don't like "Obamacare"...so they have their hackers screw up the ACA website.
From here on out, we should not be surprised at anything these people will do, and be prepared for the worst.
NealK
(1,879 posts)They always have to cheat and/or commit crimes in order to push their agenda or win elections.
Response to eridani (Original post)
Name removed Message auto-removed
gopiscrap
(23,765 posts)YOHABLO
(7,358 posts)Well you have the super rich multinational groups like the Kochs .. what can you say?
gopiscrap
(23,765 posts)DirtyDawg
(802 posts)...take em out and shoot em...no trial, no Miranda, no notice...and it'll only take one.
chuckstevens
(1,201 posts)NOT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
chuckstevens
(1,201 posts)If the President and his administration refuse to make the public aware of this, then they deserve to fail. RAISE HOLY FUCKING HELL OVER THIS! Would they ONCE go on the offensive?
If the president does want to save his reputation, he's a fool, but dam it; he will hurt the whole Democratic Party in the 2014 mid-terms and God knows where that will take the nation.
Firebrand Gary
(5,044 posts)This is crazy! Why are we not plastering this all over the place, I'm so over this BS... Ahhhh
cherokeeprogressive
(24,853 posts)area51
(11,920 posts)emsimon33
(3,128 posts)tofuandbeer
(1,314 posts)Like Jerry Brown said in his bid for president (too many years ago): Let's Take America Back.
SleeplessinSoCal
(9,145 posts)political donations. But I'd bet 90% of Americans think only the Tea Party was flagged.
This is not likely to get the same kind of attention as the glitches and dropped coverage is getting.
Amimnoch
(4,558 posts)I don't think I've ever met a far right conservative that wasn't a technophobe, and completely computer stupid. Generally anything past facebook, skype, and rightwing blogs is beyond their capability.
Of course, if we can prove that some of them are smart enough to actually run a successful cyber attack, then they no longer have any ground at all to argue against evolution.
NYC_SKP
(68,644 posts)Pryderi
(6,772 posts)MrsChrist
(1 post)I'm shocked, Agast, and clutching the pearls around my neck thinking it's probably the Main Stream Media's fault for not letting those State Governor create their own web site, or shutting down the government for the 1st two weeks, or just Defunding present bills. Time for the Nucular Option