Thursday, October 30th, 2014

Lose Your Plan, Lose Your Doctor, Lose Your Personal Data: Obamacare Site “Alarmingly” Insecure, Expert Says

Lily Dane
The Daily Sheeple
January 22nd, 2014
Reader Views: 880

obama-100154245-large

Top cyber security consultant David Kennedy has provided testimony to Congress that outlines “critical flaws” and “alarming security threats” on the Healthcare.gov website.

Last Sunday, Kennedy told Fox’s Chris Wallace that he was easily able to penetrate the healthcare exchange. He said he determined that he could gain access to 70,000 personal records of Obamacare enrollees.

He’s a security expert, so surely he used some tricks of the trade to crack the website, right?

Nope. Kennedy said it only took him about 4 minutes and a standard browser to access the information, and that he didn’t even have to hack the website:

“And 70,000 was just one of the numbers that I was able to go up to and I stopped after that,” he said. “You know, I’m sure it’s hundreds of thousands, if not more, and it was done within about a 4 minute time frame. So, it’s just wide open.”

“You can literally just open up your browser, go to this, and extract all this information without actually having to hack the website itself,” he said.

Kennedy explained what he and other experts discovered about the lack of security on the exchange:

“What we learned was that they had rushed through what we call the software development life cycle where they actually build the application.”

“So when you do that, security doesn’t really get integrated into it. And what happened with the rocky launch in October is they slapped a bunch of servers in trying to fix the website just to keep it up and running so that people could actually go and use it. The problem is they still didn’t imbed any security into it.”

“It’s not just myself that’s saying this website is insecure, it’s also seven other independent security researchers that also looked at the research I’ve done and came to the exact same conclusion.”

Last Thursday, Kennedy told the House Science, Space and Technology Committee that nothing has changed since the November hearing on the site’s security issues:

“HealthCare.gov is not secure today. I don’t understand how we’re still discussing whether the website is insecure or not. It is insecure – 100 percent.”

Before the hearing, Kennedy told Reuters what is wrong with the site:

The government has yet to plug more than 20 vulnerabilities that he and other security experts reported to the government shortly after HealthCare.gov went live on October 1. Hackers could steal personal information, modify data, attack the personal computers of website users and damage the infrastructure of the site.

Teresa Fryer, the CMS chief information security officer, claimed that the Obamacare website underwent end-to-end security testing on December 18 and that all industry standards were met:

“The (federal marketplace) is secure. In many instances, we have gone above and beyond what is required, with layered protection, continuous monitoring and additional penetration testing,” Fryer said.

Darrell Issa, chairman of the House Oversight and Government Reform Committee, made an excellent point:

 “It seems to defy common sense that a website plagued with functional problems was, in fact, perfectly secure by design.”

Delivered by The Daily Sheeple


Contributed by Lily Dane of The Daily Sheeple.

Lily Dane is a staff writer for The Daily Sheeple. Her goal is to help people to “Wake the Flock Up!”

Please share: Spread the word to sheeple far and wide

Get Regular Updates!     Enter Email Address           privacy information  

Leave A Comment...
The Daily Sheeple Home Page


Get Regular Updates!
Get Sheeple news delivered to your inbox. It's totally free and well worth the price!
email address privacy

Copyright 2009 - 2014 The Daily Sheeple. (v.8)

The ideas expressed on this site are solely the opinions of the author(s) and do not necessarily represent the opinions of sponsors or firms affiliated with the author(s). The author may or may not have a financial interest in any company or advertiser referenced. Any action taken as a result of information, analysis, or advertisement on this site is ultimately the responsibility of the reader. The Daily Sheeple is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.