By Robert Gehl, January 20, 2014.
In four minutes, hacking expert David Kennedy extracted 70,000 personal records from Obamacare enrollees through HealthCare.gov, he told Chris Wallace on “Fox News Sunday.”
“There’s a technique called ‘passive reconnaissance’ which allows us to query and look at how the website operates and performs,” he said.
“And these type of attacks that I’m mentioning here, and the 70,000 [personal records Kennedy found] that you’re referencing, is very easy to do,” Kennedy continued. “It’s a rudimentary type attack that doesn’t actually attack the website itself. It extracts information from it without actually having to go into the system.
“Think of it this way,” he said. “Think of something where you have a car and the car doors are open and the windows are open — you can see inside of it. That’s basically what they allow you to do and there’s no real sophistication level here — it’s just really wide open. So there’s no hacking actually involved.”
Kennedy said retrieving 70,000 personal records was not difficult and that launching the “attack” took only a standard browser.
“And 70,000 was just one of the numbers that I was able to go up to and I stopped after that. You know, I’m sure it’s hundreds of thousands, if not more, and it was done within about a four-minute timeframe. So, it’s just wide open,” he said. “You can literally just open up your browser, go to this, and extract all this information without actually having to hack the website itself.”