White Hat Hacker: Healthcare.gov Never Had Security Built Into It
December 3, 2013 - 9:17 am
Let’s go over what President Barack Obama is telling Americans to do. He’ll speak again today on the subject of Obamacare, and will probably tell Americans that the website is working better so go ahead and use it to shop for health insurance.
He will be telling Americans to transmit their personal information via a site that is unsecure, and was never built with any security at all, according to white hat hacker David Kennedy.
It could take a year to secure the risk of “high exposures” of personal information on the federal Obamacare online exchange, a cybersecurity expert told CNBC on Monday.
“When you develop a website, you develop it with security in mind. And it doesn’t appear to have happened this time,” said David Kennedy, a so-called “white hat” hacker who tests online security by breaching websites. He testified on Capitol Hill about the flaws of HealthCare.gov last week.
“It’s really hard to go back and fix the security around it because security wasn’t built into it,” said Kennedy, chief executive of TrustedSec. “We’re talking multiple months to over a year to at least address some of the critical-to-high exposures on the website itself.”
Another online security expert—who spoke at last week’s House hearing and then on CNBC—said the federal Obamacare website needs to be shut down and rebuilt from scratch. Morgan Wright, CEO of Crowd Sourced Investigations said: “There’s not a plan to fix this that meets the sniff test of being reasonable.”
HHS had explained then that steps were taken to ease security concerns after the memo was written, and that consumer information was secure. Technicians fixed a security bug in the password reset function in late October, the agency said.
But on CNBC, Kennedy disputed those claims, saying vulnerabilities remain on “everything from hacking someone’s computer so when you visit the website it actually tries to hack your computer back, all the way to being able to extract email addresses, users names—first name, last name—[and] locations.”
President Barack Obama, who we now know lied for years about what Obamacare would do, will be telling unsuspecting Americans to expose themselves and their families to hackers and identity thieves. In fact, not only is Obama telling them to do this, via Obamacare’s mandates he is ordering them — at the threat of facing an IRS that has become a political weapon — to do it. He will not only not warn Americans of the dangers, he will try to convince them that all is well with Healthcare.gov’s security. When the site will remain unsecure for many months, maybe even a whole year.
And it doesn’t stop there. Suppose you’re not computer savvy or find Obamacare confusing. Most people do. Obama wants you to go to the “navigators,” who are being paid to help Americans figure out Healthcare.gov and use it to buy insurance. But the navigators themselves aren’t being vetted. They’re not Boy Scouts. This administration would never choose Boy Scouts, as its intolerant hard left core would never stand for that. Among the navigators are leftwing political groups of the type caught helping pimps and engaging in election fraud, and felons and assorted henchmen of far left politics. Using the navigators amounts to playing Russian roulette with your personal information.
So, Obama will be sending unsuspecting Americans straight into the arms of some seriously bad actors. To use a website which compromises your personal information.
I’m sorry, but this is not mere politics or a president papering over a rickety policy. It’s not mere incompetence or average political dishonesty. This is evil.
If a private sector CEO did what Obama is doing, they would be headed for prison.