Hacking expert reveals how he cracked Obamacare site in under 4 minutes

Vince Coglianese
Executive Editor

David Kennedy, the hacking expert who shook the country this week with his congressional testimony about the security failures of HealthCare.gov, explained Sunday how he was able to penetrate the site.

“There’s a technique called, what we call ‘passive reconnaissance,’” Kennedy explained to “Fox News Sunday” host Chris Wallace, “which allows us to query and look at how the website operates and performs.”

“And these type of attacks that I’m mentioning here, and the 70,000 [personal records Kennedy found] that you’re referencing, is very easy to do,” Kennedy continued. “It’s a rudimentary type attack that doesn’t actually attack the website itself. It extracts information from it without actually having to go into the system.”

“Think of it this way,” he suggested. “Think of something where you have a car and the car doors are open and the windows are open — you can see inside of it. That’s basically what they allow you to do and there’s no real sophistication level here — it’s just really wide open. So there’s no hacking actually involved.”

Kennedy said that gaining access to 70,000 personal records of Obamacare enrollees via HealthCare.gov took no time at all, and required nothing more than a standard browser to pull off.

“And 70,000 was just one of the numbers that I was able to go up to and I stopped after that,” Kennedy revealed. “You know, I’m sure it’s hundreds of thousands, if not more, and it was done within about a 4 minute timeframe. So, it’s just wide open.”

“You can literally just open up your browser, go to this, and extract all this information without actually having to hack the website itself,” he added.
