Free Republic

Security Expert Hacks Obamacare Website In 4 Minutes; Accesses 70,000 Records
Zero Hedge ^ | January 20, 2014 | Michael Krieger

Posted on 01/20/2014 8:42:03 PM PST by Zakeet

The hits just keep on coming for ObamaCare. It was less than two weeks ago that I highlighted the potential premium rate death spiral that ObamaCare faces due to the fact that only old and sick people are signing up for the program. Now it seems there are further security related concerns plaguing the site, as cyber-security expert David Kennedy recently claimed that “gaining access to 70,000 personal records of Obamacare enrollees via HealthCare.gov took about 4 minutes.”

It’s actually hard to be this incompetent if you tried. More from the Washington Times:

The man who appeared before Congress last week to explain the security pitfalls of HealthCare.gov took to Fox News on Sunday to explain just how easy it was to penetrate the website.

Hacking expert David Kennedy told Fox’s Chris Wallace that gaining access to 70,000 personal records of Obamacare enrollees via HealthCare.gov took about 4 minutes and required nothing more than a standard browser, the Daily Caller reported.

“And 70,000 was just one of the numbers that I was able to go up to and I stopped after that,” he said. “You know, I’m sure it’s hundreds of thousands, if not more, and it was done within about a 4 minute timeframe. So, it’s just wide open.”

“You can literally just open up your browser, go to this, and extract all this information without actually having to hack the website itself,” he said.

Mr. Kennedy testified before Congress Thursday that HealthCare.gov was “100 percent” insecure, Washington Free Beacon reported.

For some context on this very important issue, check out the video below:

[Video embedded in article]

Full article here.


TOPICS:
KEYWORDS: abortion; deathpanels; healthcare; obamacare; obamacaresecurity; obamacarewebsite; security; zerocare

It’s actually hard to be this incompetent if you tried ...

1 posted on 01/20/2014 8:42:04 PM PST by Zakeet
[ Post Reply | Private Reply | View Replies]

To: Zakeet

This hacker is obviously racist.


2 posted on 01/20/2014 8:45:42 PM PST by LukeL
[ Post Reply | Private Reply | To 1 | View Replies]

To: Zakeet

Obamacare is just about over.


3 posted on 01/20/2014 8:49:07 PM PST by Republican1795.
[ Post Reply | Private Reply | To 1 | View Replies]

To: Zakeet

I call BS!

Everyone knows there aren’t 70,000 records there!


4 posted on 01/20/2014 8:51:47 PM PST by bigbob (The best way to get a bad law repealed is to enforce it strictly. Abraham Lincoln)
[ Post Reply | Private Reply | To 1 | View Replies]

To: bigbob

Or, maybe he better check to see what’s in those records...I’d predict he got 70,000 versions of:

“Access Denied. 404. Server timeout. Abort/retry/fail?”


5 posted on 01/20/2014 8:55:35 PM PST by bigbob (The best way to get a bad law repealed is to enforce it strictly. Abraham Lincoln)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Republican1795.

wanna bet?


6 posted on 01/20/2014 8:58:17 PM PST by is_is (VP Dad of Sgt. G - My Hero - "Sleep Well America......Your Marines have your Back")
[ Post Reply | Private Reply | To 3 | View Replies]

To: bigbob
Or, maybe he better check to see what’s in those records...I’d predict he got 70,000 versions of:

all the various combinations and permutations of Obama's

1. Names

2. Nationality

3. Birth dates

4. Hospital of birth

5. Father's name

6. Father's nationality

7. Social security numbers

8. Residences

9. Sexual orientation

10. Other....

7 posted on 01/20/2014 9:03:01 PM PST by spokeshave (OMG.......Schadenfreude overload is not covered under Obamacare :-()
[ Post Reply | Private Reply | To 5 | View Replies]

To: bigbob
Everyone knows there aren’t 70,000 records there!

That depends; given the underlying database-structure a single person's data could be spread across multiple database tables (not a bad thing*), each of which is a distinct record.

* You can use this to group data together, or to "compress" common data -- like storing 1..50 for each of the several states and using that number to reference the state rather than the full name or two-letter postal code.

8 posted on 01/20/2014 9:03:23 PM PST by OneWingedShark (Q: Why am I here? A: To do Justly, to love mercy, and to walk humbly with my God.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Zakeet

0 only found out when he saw it on TV, like the rest of us.


9 posted on 01/20/2014 9:04:31 PM PST by ntnychik
[ Post Reply | Private Reply | To 1 | View Replies]

To: Zakeet

It’s patriotic to lose your personal info, right Joe?


10 posted on 01/20/2014 9:07:32 PM PST by 12th_Monkey (One man one vote is a big fail, when the "one" man is an idiot.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Zakeet
A SQL injection attack against the username field is a common technique that yields massive exposure for little effort. The typical naive backend SQL script will directly substitute a browser field into a SQL "where" clause, e.g.

    select ssn where username = '$username';

You fill in the username field with the value

    ' or '1' --

which changes the substituted value to

    select ssn where username = '' or '1' --

That yields a wildcard match on all usernames and spews all the ssn fields. The actual values will differ, but that is the gist of a SQL injection attack.

See SQL Injection attack

11 posted on 01/20/2014 9:15:15 PM PST by Myrddin
[ Post Reply | Private Reply | To 1 | View Replies]
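
The substitution described in post 11, shown next to the parameterized form that prevents it. This is an added example, not part of the original post; the `users` table, its sample rows, and the function names are assumptions made up for illustration, and SQLite stands in for whatever backend a real site uses.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and column layout are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("create table users (username text primary key, ssn text)")
    db.executemany(
        "insert into users values (?, ?)",
        [("alice", "000-00-0001"), ("bob", "000-00-0002"), ("carol", "000-00-0003")],
    )
    return db

def lookup_naive(db, username):
    # Vulnerable: the browser field is pasted into the SQL text, so quote
    # characters in the input change the structure of the where clause.
    sql = "select ssn from users where username = '%s'" % username
    return sorted(row[0] for row in db.execute(sql))

def lookup_parameterized(db, username):
    # Hardened: the value is bound as data and is never parsed as SQL.
    sql = "select ssn from users where username = ?"
    return sorted(row[0] for row in db.execute(sql, (username,)))

# The field value quoted in the post.
PAYLOAD = "' or '1' --"

if __name__ == "__main__":
    db = make_db()
    for name in ("alice", PAYLOAD):
        print(repr(name))
        print("  naive:        ", lookup_naive(db, name))
        print("  parameterized:", lookup_parameterized(db, name))
```

With the naive lookup the quoted value returns every row; with the bound parameter it is treated as a literal username that matches nothing.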

To: Zakeet

But, hey, look over there at Chris Christie . . .


12 posted on 01/20/2014 9:16:18 PM PST by BAW ("If you like your health plan, you can keep your health plan. Period.")
[ Post Reply | Private Reply | To 1 | View Replies]

To: bigbob
Everyone knows there aren’t 70,000 records there!

65,000 of those records were put there by other hackers.

13 posted on 01/20/2014 9:35:53 PM PST by TChad (The Obamacare motto: Dulce et decorum est pro patria mori.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Myrddin

That is exactly why the process control industry uses so many layers of protection to its servers running SQL servers process layer servers.

That and of course Windows OS running on the servers.

Also most of this is edicts sent down from above by boards that have direct ties to Federal Government Security Regs for Process Control. Oh, that is right, that only goes BOOM not someone's life savings.


14 posted on 01/20/2014 10:13:38 PM PST by eartick (Been to the line in the sand and liked it)
[ Post Reply | Private Reply | To 11 | View Replies]

To: is_is

Well it is hard to believe the thing is even sustainable at this point.


15 posted on 01/20/2014 10:22:19 PM PST by Republican1795.
[ Post Reply | Private Reply | To 6 | View Replies]

To: Zakeet

How reassuring.


16 posted on 01/20/2014 11:09:53 PM PST by Eleutheria5 (End the occupation. Annex today.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Zakeet

Maybe he can tell us how many successfully enrolled and how many paid. Seems the government is unable to determine these numbers.


17 posted on 01/21/2014 2:57:23 AM PST by Lockbox
[ Post Reply | Private Reply | To 1 | View Replies]

To: Zakeet

SQL Injection Marker


18 posted on 01/21/2014 3:35:52 AM PST by kinsman redeemer (The real enemy seeks to devour what is good.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Zakeet
My local news reported that 2 women were found at the Mexican border with credit cards that were created as a result of the Target security breach. I'm starting to wonder if all of these security breaches aren't just more punishment to the ‘colonialists’ and a direct means to redistribute the wealth that ‘somebody else made happen’.

19 posted on 01/21/2014 3:58:07 AM PST by liberalh8ter (The only difference between flash mob 'urban yutes' and U.S. politicians is the hoodies.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: bigbob

Sounds about right, Bob :)


20 posted on 01/21/2014 5:23:26 AM PST by ResisTyr ("Resistance to tyrants is obedience to God " ~Thomas Jefferson)
[ Post Reply | Private Reply | To 5 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson