Downtrend
Because that's the direction of our freedoms.

Hacking Expert Extracts 70,000 Records From Obamacare – In Four Minutes

Hacker

(14 comments)

Robert Gehl By
January 20, 2014

In four minutes, hacking expert David Kennedy extracted 70,000 personal records from Obamacare enrollees through HealthCare.gov, he told Chris Wallace on “Fox News Sunday” (video below).

“There’s a technique called ‘passive reconnaissance’ which allows us to query and look at how the website operates and performs,” he said.

“And these type of attacks that I’m mentioning here, and the 70,000 [personal records Kennedy found] that you’re referencing, is very easy to do,” Kennedy continued. “It’s a rudimentary type attack that doesn’t actually attack the website itself. It extracts information from it without actually having to go into the system.

“Think of it this way,” he said. “Think of something where you have a car and the car doors are open and the windows are open — you can see inside of it. That’s basically what they allow you to do and there’s no real sophistication level here — it’s just really wide open. So there’s no hacking actually involved.”

Kennedy said retrieving 70,000 personal records was not difficult and it took a standard browser to launch the “attack.”

“And 70,000 was just one of the numbers that I was able to go up to and I stopped after that. You know, I’m sure it’s hundreds of thousands, if not more, and it was done within about a four-minute timeframe. So, it’s just wide open,” he said. “You can literally just open up your browser, go to this, and extract all this information without actually having to hack the website itself.”

  • Tim McCarthy

    Never been hacked? Another large lie or another proof of incompetence.

    • JonaD

      I’m hacking you right now Tim… that’s Tim McCarthy, right? OMG!! Now I’ll tell all my friends that Tim McCarthy, is on downtrend!! So what is hacked… this guy isn’t telling us WHAT! he got!

  • osamaba bin mooch michelle

    They STILL deny the site is not secure… Send them to jail!!!!

    • JonaD

      Define ‘secure’… you can’t.

      • osamaba bin mooch michelle

        Of course it’s impossible to make a bullet proof website but it would have been nice to see an attempt at least was made to secure the site and there clearly wasn’t which is beyond bizarre and irresponsible and just about criminal considering it’s so easily hackable and they told people to sign up as fast as they could. That’s all I’m trying to say.

      • NickyNose

        How’s this? Protect against threats, attempt to make safe, the government is concerned with trying to secure the economy against to much foreign ownership. Or in the case of ACA the government could care less with security just as long as everyone signs up for it

  • NickyNose

    Glad I have decided to NEVER sign up for this. I’ll pay a fine for the rest of my life if I must but I will not give up my freedom

    • A WILLS

      Good, pay everybody else’s healthcare for a lifetime.

  • JonaD

    It reminds me of when whitehouse.gov hosted Obama’s birth certificate and I downloaded it to zoom in and guess what… it was a photoshop document! Ok, that in itself was no big deal, people often ‘clean up’ things, but the LAYERS included separated essential data, which means the documents was a fake… like someone adding Elvis to their selfie! So I waited for things to go wild, but everywhere people mentioned that, many others jumped on and said they were just racist, and it wasn’t true although they didn’t download the document themselves and so on until the FACT! that it is FAKE was buried under a ton of people’s personal and political agendas. I have no idea if that document is still on the .gov site, or if it’s still the one I downloaded, but it doesn’t matter… I am positive if no aliens landed on the white house lawn, many will say they did, AND if aliens did! land on the white house lawn many would say their ships aren’t actually there. SO… knowing this, I realize this existence as witnessed by myself, by others, by citizens, by govts., by readers, by hackers… is a BIG LIE! For instance, 70,000 records?? OF WHAT!! Of passcodes, of SS#s, of the size and shape of their genitals!??? WE DON’T KNOW… maybe it’s just that 70,000 people TRIED to access that stupid site, I know I have for over 2 months and can’t even join this idiot program!! So, if I can’t get on and register, and people area complaining left and right that the site sucks and they can’t get on… maybe this guy saying he got 70,000 records is a subtle underhanded BS attempt to cause people to think the site was successful… like 70,000 people could ACTUALLY put their info onto it?? The vague info serves both purposes, doesn’t it?

    • NickyNose

      I’m confused. So what you’re saying is the birth certificate was a fake, just like everything else this President does and you still believe in him?

      • De

        I talked and know someone that was born in Hawaii and she says it is fake and is it a coincidence the person that worked for the government is Hawaii step forward about Obama’s SS#. It did did not belong to him, but it did belong to a dead person. She is now dead too.

  • JonaD

    ““And 70,000 was just one of the numbers that I was able to go up to and I stopped after that. You know, I’m sure it’s hundreds of thousands, if not more, and it was done within about a four-minute timeframe. ”

    See? So in essence behind this breech, behind the stigma of a hacker, behind the supposed failure of this site to secure data… is a SIGN, a HINT, that the site is SUCCESSFUL! Because this junk program couldn’t possibly have that many people’s records sitting in their buffer, I haven’t been able to join the program, in 2 months!!, and MANY!!! people say the same. SO maybe, this guy is a shill?! WE DON’T KNOW! And that’s the problem, news bits online are NONESENSE to ‘believe in’… but, guess all of YOU people still do? You see, joining the program, IS THE LAW, so like it or not, if you don’t join, YOU will pay. Bummer huh?

  • De

    ….and they want your bank information out there for anyone to take. For those of you that have signed up, I hope you are checking your bank accts. because someone can empty them, especially since some that are taking your information have felonies. I have read government has double charged some people.

  • DesertSun59

    Amusing assertion. Not a single name was revealed.

    I find it amusing that the Right on this forum want to lynch Obama over this amusing assertion, while they don’t say a single word – NOT A WORD – about all the HUGE corporations that have been regularly hacked in 2013 alone. And that includes supposedly secure resort hotels and Target. Not a word. To wit:
    http://www.heavy.com/tech/2013/03/a-timeline-of-companies-that-have-been-hacked-in-2013/