John McAfee may be a bit of a loon. However he’s quite correct in saying the sloppy structure of healthcar.gov will lead to identity theft. And check the dumbfoundingly stupid response by HHS to Mother Jones asking about clickjacking. HHS promises to investigate after it happens. This of course assumes they are aware it happened at the time it happened, which is not bloody likely. HHS says nothing about changing the code so the clickjacking attack can’t happen.
John McAfee On Obamacare: “This Is A Hacker’s Wet Dream”
NEIL CAVUTO: What do you make [of Obamacare]? Obviously, a lot of people have been focusing on the law but not really cognizant of the privacy part of the law, and how hackers could have a field day with it. Is it that bad?
JOHN McAFEE: Oh, it is seriously bad. Somebody made a grave error, not in designing the program but in simply implementing the web aspect of it. I mean, for example, anybody can put up a web page and claim to be a broker for this system. There is no central place where I can go and say, ‘Okay, here are all the legitimate brokers, the examiners for all of the states and pick and choose one.’
Instead, any hacker can put a website up, make it look extremely competitive, and because of the nature of the system, and this is health care, after all, they can ask you the most intimate questions, and you’re freely going to answer them. What’s my Social Security number? My birth date? What are my health issues?
Well, here’s the problem — it’s not something software can solve. I mean, what idiot put this system out there and did not create a central depository? There should be one website, run by the government, you go to that website and then you can click on all of the agencies. This is insane. So, I will predict that the loss of income for the millions of Americans who are going to lose their identities — I mean, you can imagine some retired lady in Utah, who has $75,000 dollars in the bank, saving her whole life, having it wiped out one day because she signed up for Obamacare. And believe me, this is going to happen millions of times. This is a hacker’s wet dream. I cannot believe that they did this.
They are going to continue to do this as long as we give them the power to do so. And ObamaCare itself is the loosest of all. You can imagine the type of information — medical records, personal issues, psychological issues. I mean, the government’s going to know everything in the world about everyone very soon.
Mother Jones. Healthcare.gov could be hacked via clickjacking
“Common clickjacking would be a popular method to attempt to exploit [the site]” says Wilhoit. “Hackers could use this information in the creation of fake identities, fake credit cards, and fake accounts very easily.” He adds that it’s relatively easy to fix, although the fixed code would need to rolled out on multiple Healthcare.gov pages and potentially state websites as well.
Asked about clickjacking concerns, the Department of Health and Human Services (HHS) referred Mother Jones to this security statement, which says that Americans don’t need to worry: “If a security incident occurs, an Incident Response capability would be activated, which allows for the tracking, investigation, and reporting of incidents.”