Obamacare Website Security? We Didn’t Build That

Morgan Brittany
|
Posted: Jan 20, 2014 12:01 AM

If you have accessed or plan to go on the Obamacare website, you may as well kiss your private information goodbye.According to Congressional testimony given this week, security issues are worse now than when questions were asked in November of 2013.There is little doubt that consumers may be at risk and are vulnerable to having their personal information compromised.

In answer to questions presented about the state of security after fixes were made, David Kennedy, founder of security firm Trusted Sec gave some chilling answers.Kennedy, who is a cyber expert not only founded this company but also worked for the NSA and Marines.He testified in front of Congress last November answering questions about the website and was called in again to give an update after “new and improved” fixes were made.

According to Kennedy, the Obamacare website is worse than it was before.He explains that with the disastrous rollout of the website, they haphazardly put together a bunch of servers just to patch the web site and keep it going, but didn’t embed any security into it.Even though Kennedy did not hack the site, he could still access the records of over 70,000 people who had attempted to sign up and he did it within 4 minutes!

He used a technique called passer reconnaissance that doesn’t attack the website itself, but extracts information without having to go into the system.He said that the system was wide open and he could have accessed hundreds of thousands of records.These records consisted of names, addresses, Social Security numbers as well as birthdates.Not only that, but healthcare.gov is linked to the IRS and the Department of Homeland Security so that opens up a whole plethora of problems.A hacker could virtually find out not only your basic information, but how much you make, what your financial situation is and anything else that they want to know.The IRS, DHS, and other third party organizations all feed in to the healthcare.gov data base in order to validate everything thus making you extremely vulnerable.If an attacker gets in, they have access to your entire online identity.Everything you do can be seen, from what you pay in taxes, what you make and even give them all the information they need to take out lines of credit.

Of course at the hearings the government witnesses pooh-poohed all of this testimony stating that the website was 100% secure.Teresa Fryer, the CMS information security officer said that the site had been fully tested and was secure.“the security control assessment met all industry standards, was end to end tested and was conducted in a stable environment and allowed for testing to be completed in the allotted time.”Ok, I believe that.

Seven other independent security researchers looked at Kennedy’s findings and came to the exact same conclusion that he did.The site was NOT secure.The pushback continued with the government touting the fact that if the site was so vulnerable, why had it not been hacked?

Kennedy, on Fox News Sunday with Chris Wallace explained that the third party company contracted to build the security operations center which could detect these types of attacks, had not even been built yet!They haven’t found any evidence of attacks because they don’t have the ability to detect them!This is pure madness and incompetence and the American people should be outraged.

The whole Obamacare fiasco keeps getting worse and worse.The numbers are bogus and the doublespeak on sign-ups is ridiculous.There is still no accurate accounting of who has insurance and who doesn’t since no one knows who has paid premiums for coverage.The desperate attempts at wooing young people have gone from the ridiculous to the absurd with the recent 6 hour infomercial starring Richard Simmons!

This is disastrous and no one has even mentioned the fact that foreign hackers from places like China could have a field day playing with our personal information.

Morgan Brittany

Politichicks.tv

@MorganBrittany4