The hacking expert who testified before Congress last week about the security failures of HealthCare.gov, explained Sunday how he was able to penetrate the site. In less than four minutes.
“There’s a technique called ‘passive reconnaissance,’” hacker David Kennedy explained to “Fox News Sunday” host Chris Wallace, “which allows us to query and look at how the website operates and performs.”
“And these type of attacks that I’m mentioning here, and the 70,000 [personal records Kennedy found] that you’re referencing, is very easy to do It’s a rudimentary type attack that doesn’t actually attack the website itself. It extracts information from it without actually having to go into the system.”
“Think of it this way. Think of something where you have a car and the car doors are open and the windows are open — you can see inside of it. That’s basically what they allow you to do and there’s no real sophistication level here — it’s just really wide open. So there’s no hacking actually involved.”
Good to know, huh? Guess what's even more troubling? Kennedy said that gaining access to 70,000 personal records of ObamaCare enrollees via HealthCare.gov took less than four minutes, and required nothing more than a standard browser to pull off.
“You can literally just open up your browser, go to this, and extract all this information without actually having to hack the website itself.”
"You can't make this stuff" is overused and often overstated. In the case of ObamaCare, not so much. Happy shopping, health insurance customers.