- Tennessee ammunition site explodes, killing 1
- U.N.: Iran cuts stock closest to nuke-arms grade
- Oklahoma gay-marriage case before U.S. appeals court
- Times wins two awards from Society for Professional Journalists
- Marionville mayor ‘kind of agreed’ with Kansas City shooter’s views
- Rev. Al Sharpton’s Easter message: Politically ‘crucified’ Obama has risen again
- Supreme Court to weigh challenge to ban on campaign lies
- UNICEF launches ‘Mr. Poo’ mascot in India to curb public defecation
- Teen taking selfie by train: ‘Wow, that guy just kicked me in the head’
- Goodbye, Afghanistan — hello, Africa: Air Force to shift as U.S. exits Middle East
Fear that a former Soviet republic inserted malicious code in Obamacare site
Checks of software urged for cybersecurity exploits
U.S. intelligence is urging the Obama administration to check its new health care computer network for malicious software after learning that developers linked to the Belarusian government helped produce the website, raising fresh concerns that private data posted by millions of Americans could be compromised.
The intelligence agencies notified the Department of Health and Human Services, the agency in charge of the HealthCare.gov network, about their concerns last week. Specifically, officials warned that programmers in Belarus, a former Soviet republic closely allied with Russia, were suspected of inserting malicious code that could be used for cyberattacks, said U.S. officials familiar with concerns.
The software on the website links the millions of Americans who signed up for Obamacare to the government and more than 300 medical institutions and health care providers.
“The U.S. Affordable Care Act software was written in part in Belarus by software developers under state control, and that makes the software a potential target for cyberattacks,” one official explained, speaking only on the condition of anonymity.
Cybersecurity officials said the concerns are compounded by an Internet data “hijacking” incident last year involving Belarusian state-controlled networks. The monthlong diversion covertly rerouted massive amounts of U.S. Internet traffic to Belarus — a repressive dictatorship country bordering Russia, Poland and Ukraine.
“Belarusian President [Alexander] Lukashenko’s authoritarian regime is closely allied with Russia and is adversarial toward the United States,” the official said.
The combination of the Belarus-origin software, the Internet rerouting and the anti-U.S. posture of the Belarusian government “makes the software written in Belarus a potential target of cyberattacks for identity theft and privacy violations” of Americans, the official said.
U.S. officials were alerted to the Belarus angle last month when a top official in the country boasted on radio about his country’s role in programming the Obamacare website.
Rep. Mike Rogers, Michigan Republican and chairman of the House Permanent Select Committee on Intelligence, said he was surprised by media reports from Belarus indicating that “some parts of HealthCare.gov or systems connected to it may have in fact been written overseas.” He called for an independent security review of the Obamacare website.
Mr. Rogers said he was especially concerned by the potential software vulnerability because an official testified to Congress that all software work for the network had been performed in the United States.
“We need an independent, thorough security evaluation of this site, and we need the commitment from the administration that the findings will be acknowledged and promptly addressed,” Mr. Rogers told the Free Beacon.
“I continue to call on HHS to shut down and properly stress test the site to ensure that consumers are protected from potential security risks from across the globe.”
Security officials last week urged HHS to immediately conduct inspections of the network software for malicious code. The software is being used at all medical facilities and insurance companies in the United States.
The officials also recommended that HHS use security specialists not related to software vendors for the inspections to reduce further risks.
Officials disclosed the software compromise last week after the discovery in early January of statements by Belarusian official Valery Tsepkalo, director of the government-backed High-Technology Park in Minsk.
TWT Video Picks
By John R. Bolton
Reality calls for attaching Gaza to Egypt and the West Bank to Jordan
- 'Culture of intimidation' seen in Nevada ranch standoff
- With pot and e-cigarettes, Big Tobacco is just waiting to inhale emerging markets
- FISHER: Shades of Berlin in the South China Sea
- IRS emails reveal discussion with Justice about suing nonprofits for election activities
- Rand and Ron Paul ride to the rescue for Bundy in Nevada standoff with feds
- Removal of military gear limits options for U.S., NATO in Ukraine
- U.S. pilot scares off Iranians with 'Top Gun'-worthy stunt: 'You really ought to go home'
- CNN op-ed claims right-wingers 'more deadly than jihadists'
- Atheists rush to stage Easter display: 'Jesus Christ is a myth'
- BOLTON: A 'three-state solution' for Middle East peace
Celebrity deaths in 2014
Top 10 handguns in the U.S.