David Kennedy, the hacking expert who shook the country this week with his congressional testimony about the security failures of HealthCare.gov, explained Sunday how he was able to penetrate the site.
“There’s a technique called, what we call ‘passive reconnaissance,’” Kennedy explained to “Fox News Sunday” host Chris Wallace, “which allows us to query and look at how the website operates and performs.”
“And these type of attacks that I’m mentioning here, and the 70,000 [personal records Kennedy found] that you’re referencing, is very easy to do,” Kennedy continued. “It’s a rudimentary type attack that doesn’t actually attack the website itself. It extracts information from it without actually having to go into the system.”
“Think of it this way,” he suggested. “Think of something where you have a car and the car doors are open and the windows are open — you can see inside of it. That’s basically what they allow you to do and there’s no real sophistication level here — it’s just really wide open. So there’s no hacking actually involved.”
Kennedy said that gaining access to 70,000 personal records of Obamacare enrollees via HealthCare.gov took no time at all, and required nothing more than a standard browser to pull off.
“And 70,000 was just one of the numbers that I was able to go up to and I stopped after that,” Kennedy revealed. “You know, I’m sure it’s hundreds of thousands, if not more, and it was done within about a 4 minute timeframe. So, it’s just wide open.”
“You can literally just open up your browser, go to this, and extract all this information without actually having to hack the website itself,” he added.