Security Expert Hacks Obamacare Website In 4 Minutes; Accesses 70,000 Records
Submitted by Michael Krieger of Liberty Blitzkrieg blog,
The hits just keep on coming for ObamaCare. It was less than two weeks ago that I highlighted the potential premium rate death spiral that ObamaCare faces due to the fact that only old and sick people are signing up for the program. Now it seems there are further security related concerns plaguing the site, as cyber-security expert David Kennedy recently claimed that “gaining access to 70,000 personal records of Obamacare enrollees via HealthCare.gov took about 4 minutes.”
It’s actually hard to be this incompetent if you tried. More from the Washington Times:
The man who appeared before Congress last week to explain the security pitfalls of HealthCare.gov took to Fox News on Sunday to explain just how easy it was to penetrate the website.
Hacking expert David Kennedy told Fox’s Chris Wallace that gaining access to 70,000 personal records of Obamacare enrollees via HealthCare.gov took about 4 minutes and required nothing more than a standard browser, the Daily Caller reported.
“And 70,000 was just one of the numbers that I was able to go up to and I stopped after that,” he said. “You know, I’m sure it’s hundreds of thousands, if not more, and it was done within about a 4 minute timeframe. So, it’s just wide open.”
“You can literally just open up your browser, go to this, and extract all this information without actually having to hack the website itself,” he said.
Mr. Kennedy testified before Congress Thursday that HealthCare.gov was “100 percent” insecure, Washington Free Beacon reported.
For some context on this very important issue, check out the video below:
Full article here.


He got data for everyone that signed up?
Edit: bitchez!
Looks like it....and the cast of Star Wars too! Does Chewbacca have a preexisting condition?
The only people who signed up for Obamacare were sickly old people who had no money. Good job there sport.
Hugh jackman hacked it in less than 30 seconds, whilst getting head no less!
Didn't someone from the WH sign up Obama for his shitty insurance? Can someone please hack his info and sign him up for every kiddy porn site known, sell his credit card numbers to Negeria and lets send his ass back to Africa.
http://4-ps.googleusercontent.com/h/www.powerlineblog.com/admin/ed-asset...
You didn't hack that !
you can have the hacked profile you paid for.
Typical, that's why I haven't signed up for that shit.
Ron Paul 2012
O said .gov was to be secure as the secrecy of his birthplace
You didn't fuck that up.
Someone else fucked that up.
Uh, and he lives on a ranch in Texas.
I always love reading about customer's information being hacked. Why do people keep trusting insecure entities to store their data?
...you mean like, Bitcoin???
:)
why do you need to sign up?
make it like social security if you want to socialize it. Just give everyone a number and you charge to that number after procedures at the hospital. government IS insurance.
Single payer system. Yes, everyone already has a number, SSN. A step further towards NHS, UK-style. This is getting interesting. Probably plan B all the time. Question is if this takes the private insurers out of the equation. Hmmm wonder if it's gonna be run like Social Security, i.e. no money in the piggy bank. Any shortfall can be taken out directly from the IRS.
The federal authorities have this great track record for handling systems like this.
Screw single payer...
....and avoid healthcare.gov like it's the plague......cause it is.
“Looks like it....and the cast of Star Wars too! Does Chewbacca have a preexisting condition?”
That’s it!
We need to force the First Wookie family to sign up.
That way we can finally know he truth about the invaders that are occupying 1600 Pennsylvania Avenue.
HA! HA! HA!
Take that and shove it up your " You have to pass it to know what's in it" anal orifice, Pelosi and Reid.
HA! HA! HA! HA! HA! HA!
It was set up that way solely so they could get trusted.
Another 500m lines of code should do the trick!
Single payer=monosophy
Yes. Monosophy. All is one. But first I guess we need that re-education camp. No single payer program without a stint in a re-education camp. Hell we may even come to feel that vodka is the best there is. The real frontal lobectomy. Erases all existential angst. Ask Boria Alotakrap and the other russkies here on the site.
Victory Gin is best.
Unto each his own.
@Tom_333. Single payer system = tax payer system.
"The federal authorities have this great track record for handling systems like this." You're kidding, right? Medicare is essentially single payer and it is underwater to the tune of $88 Trillion. Add Medicare Part D, Bush's drug program which has unfunded liabilities of $22 Trillion and you have a total debt load of over $100 Trillion. Add another few tens of millions of people on the system and your children will be paying 100% of their income to support it. But hey, who needs to eat?
Yes. And yes. Ultra-dry sarcasm is usually the sign of utter displeasure where I come from. Next stage is ranting, cussing and screaming.
Anyway - I guess the banks will not be too happy with something that takes the insurance companies out of the equation. Since they own the insurers. Bail-out in the offing?
I must have missed the part where they open sourced the obamacare website. Also missed the part where you give any identifying information to any central authority when using the bitcoin protocol. Are you sure either of those actually happened?
If you like your credit score, you can keep your credit score.
If you like some one elses credit score, you can have some one elses credit score.
Fixed it :-)
I love this idea except for one problem...if they use his SS number they would be digging up some corpse in CT and sending it back to Kenya
This hacking expert is racist.
...then respecting that corpse with a burial at sea.
Leave the burial at sea to our Navy corpse men from our 57 states.
That's why SS numbers should be tattooed on the inside of the upper lip of every newborn, just like they do with prized horses. FOARWARD!!!!
hahahahaa
So it works, winning!
"it" is Cloward Pivens.
http://en.wikipedia.org/wiki/Cloward%E2%80%93Piven_strategy
Fuck Collectivists.
RIPS
Who would have thought 10 years ago Cloward and Piven would be household names?
Not me....that's for sure.
It still isn't. Only for those that have taken the red pill. You mention Cloward-Pivens to a sheeple and they think it's a new act at the Grand Old Opry...
http://en.wikipedia.org/wiki/Cloward%E2%80%93Piven_strategy
Thank you for the link of this knowledge.
Insight is why I'm here daily.
From Halle Scarey? Ew!
He will be charged with a federal computer crime in 3..2..1..
i'm not sure about that, but the surprise IRS audit will most likely arrive in the mail later this week !
The hell he will. He'll either get a "red letter" (notice of intention to levy) first or they will just empty his bank accounts. Then he will have to fight them to get it back- good luck!
I love the sound of drones in the morning.
Not to worry...
Obama will claim he had no idea about this (no one told him)...
But he is madder than anyone to find out about it!
He will therefore convene a "panel of experts"...
And have them break off into study teams and report back to him.
Then he will miraculously pronounce the problem is solved!
And the MSM will have orgasms reporting it!
Well done, especially the wording, "madder than anyone to find out". The only way to make this guy happy is to not tell him.
I hope he strongly condemns this cowardly act of cyber terrorism.
Can't we skip all that crap and jump right into the orgasms? :>D
Don't forget that he'll recommend that a third party then be responsible to store the personal data available upon request by the central govt.
CGI the IT firm from Montreal Quebec that created the site is a shit firm.
A website isn't the heart of the foodstamp program, medicare, medicaid, section 8 housing, AFDC, nor any other govt benefit program. Social security doesn't depend on a website. IRS doesn't depend on a website. Nothing else in govt depends on a website.
I'm convinced making a website the heart of zerocare was the plan for self-destruction. All the problems could be blamed on a botched website, and they more or less guaranteed it would be botched when they picked a developer with a record of massive failure.
It wasn't stupidity. It was the plan. The plan for making zerocare fail so they could move on to single payer.
That and it was a hand out to political friends.
.
Obama's pal gets $678 MILLION to set up a website, with NO competitive bidding:
http://www.snopes.com/politics/obama/whitley.asp
Must be nice, eh?
.
Especially in the light that other companies offered to build, host and maintain the ACA site FREE for 5 years. Something is rotten in Denmark and it stinks to high heaven.
You could be right, but I think the decision to make the core functionality a website came out of naivety and stupidity. Obama and friends were trying to be "modern" and "hip" to attract the younger set. Look at them, they're a bunch of middle-aged to aged technological morons.
Putting aside whether you like the law or not (I don't), the implementation could have been as simple as creating a 1099-prem that insurance companies would issue for the premiums paid by people buying individual or family plans. When they file their tax return, they go through a worksheet to get their credit (or not). Simple as pie. End of story.
404WARD!
Now that's funny right there, I don't care who ya are!
I chuckled.....does that make me a racist?
That depends....Are you white?
it has to be... because they hired a firm full of retards that has a proven track record of utter failures.
FORWARD SOVIET!!!
Since Obama married a wookie he should get preferential treatment.
Chewy is in the bedroom.
I guess Barry could always blame this on Snowden.
Greetings from Moscow Barry......screw you - Eric Snowden
P.S. your 600 million dollar website security sucks. I've advised all my peeps not to go there....it just isn't worth the risk.
Had a dream the other night, was passing a school bus on the right side when I looked up who did I see sittin in the window? It was our president at the time, Ronald Reagan, it was no big deal until I passed the driver who really shocked me. It was none other than our war hero and our vice president George Bush, now you see the real good part was that it was my first color dream too, until then I had only heard of it. Never told anyone cause they say you can get committed to the nut house if you EVEN hear so much as voices in your head.
If you like your credit rating, you can keep your credit rating. Period.
Me saying, DumbMasses, has never felt so good.
Consequences ;-)
“And I’m confident we can go even lower. We must keep striving to find new depths of idiocy.”
I hear you nmewn, I hear you.
This country got the government it deserved.
Can I get off this bus anytime soon?
Lucky bastard got to testify in congress and had his face plastered on tv and the internet. Looks like he'll live... a long time... in prison. Queue up some electronic crime data to dump on his HD now. We'll tip the cops and he'll be in jail by the end of the week.
I realize it is silly to post such a ridiculous prediction. By doing so I can only hope I've increased the odds against it.
LMAO at the suckers that signed up for this POS. Most of which already had insurance it has come to be known.
Sign your enemies up! Obama gets his shitty numbers beefed up and your nemesis gets his or her info stolen! Win Win!!!
I'd like to see EVERY member in Vichy DC signed up.
My Freudian wet dream.
EVIL laff!
Great idea, IR!
So it's secure then?
Just like the borders.
...and the German's gold.
And Wimpy's hamburger money.
....which will be paid next Tuesday.
...with "High Yield" vig.
http://www.zerohedge.com/news/2014-01-18/saturday-humor-high-yield-savings
So a burger and a fry will be repaid "next Tuesday" for a burger today, is this your best, final offer?
You'll get to be one of the first on your block to try the "Obamafry™" with your McDouble.
Free sample bag with EBT purchase.
Can I substitute the fries with WookieSlices? I want to eat healthy, like the skool kids.
Lt. Wharf Wafers?®
Secure as a single-use leak-free custom-fit metro-sexual Obamacare CondomTM.
Back off, fellas.
Hand over that burger fat man!
Terms are acceptable only without the Special Sauce, is this a problem?
We can give the site amnesty!
he'll probably be cited for breaking and entering (or the digital equivalent), for embarrassing the administration so completely.
it's where we're going...
At the rate we're going, he'll be deemed an enemy combatant terrorist hacker who must be renditioned to Gitmo.
He has already been FEMA'd and replaced with a FEMA Borg.
He'll be droned.
Too bad about his kids in the minivan.
-and the other 30 innocent US citizens around him.....
Criminal investigation of David Kennedy in 3....2....
Dead in a car crash in 3....2...
"Say there, that's a nice new Mercedes you got there, it'd be a shame if it were to randomly blow up or something"
The cars with the OnStar, Windows OS, and especially computer controlled throttle and electric motor actuated steering. Command the power door locks and it's full speed right into the bridge abutment. You can listen to the screaming and crash via OnStar.
It doesn't matter because Obama's minions have no money anyway. What are you going to do with someone's data if they have a 300 FICO score? Most couldn't give a shit if someone steals their data.
Excellent point. It isn't like hackers are going to get Pelosi's or Rockefeller's information.
Information?
All you need is their 20.
So THIS is why congress exempted themselves... cheap bastards.
a thief couldn't get out of my zip code on my credit
aaahahahahahaaahhhahahahahhhahhahhhaaaaaaaaahhahchhhahaokehahhachokechokechoke hahhahaahhaaaaa!
choke
um
ha!
and what even uses an actual FICO anyway?
note to credit managers: Credit scores are the stuff unmanaged credit so conjure accordingly.
Forget Target, skim EBT. The FSAers wouldn't notice a buck skimmed they're so stupid, addled, math be hard challenged.
"working" as designed
I don't know about you folks, but the next time the puppet du-jour tells "We The People" we're "bailing out" another mega-anything, that's my cue.
can he tell us how many signed up.
He did, it's 70,000.
Those 70k are critically ill and probably wont be around long enough to care if their personal info gets stolen.
Its a new profit center for drug dealers. Find a really sick person on the site, change their address, order up some really wicked drugs....done ! For a while should allow for all sorts of free narcotics...on the house ! Got a pre-existing condition...pimp yourself out for massive greenbacks before you check out. Vegas !! Its almost out-of-site what bad could be done.
How much to subscribe to yer newsletter? :>D
this so called expert is a liar.
he is a syrian
he hates us for are freedom and are liberal use of monsanto corn syrup.
HE MUST DIE NOW.
death by ruru
I had this discussion with someone else today...and if you understand a little bit about data mechanics, then you might want to read this. Logic tells me they have several Oracle sandboxes going. A sandbox is a tech term and is a place where you work on code and simulate before you compile it and turn it loose on the web, so that being said you might understand this a little better. Me thinks they have a few sets of engineers there, one set that keeps the current site gimping along and with as fragile as it is now, put some additional security code in and it may not work at all, and that takes time where as it is much easier if you build the security in while building the app of course. So they might be afraid to touch it right now.
In the meantime the other engineers are working dogmatically to rewrite the modules and we already know that one of the first things Oracle did when they were called in was bring in their own server as apps and other integrated Oracle parts work with it, a lot of code already written for that and that is part of the problem the site had to begin with as too many wanted to be open source heroes and write all of this from the ground up and integrate software modules in a way that's never been done before and that takes time. That's where HHS and CMS were initially duped into the tech fairy world here. Sebelius believes almost anything out there if it's an app she can click on and do something. So here's what I told some hot shot today...and had fun doing it:)
If new modules are being built and the system is that fragile, yeah ride by the seat of your pants rather than shut it down completely is what's going on here and that's why nobody's rushing out to secure the site, so these articles will continue until the new modules which will contain software as the Oracle middleware has security built in and they get migrated. I know not what folks want to hear but code is code and the new modules will do the fix...
What I told hot shot....
Are you or have you been a code writer? It's much easier to integrate it from the start as I mentioned...I used to write code in VB 6 from the bottom up, different than platforms that are used today where you rely on code written by one, two, three or more layers of development teams that you rely on to work right:)
So how many Oracle sandboxes do you think are in the works right now with the project...I say at least a couple as Oracle already brought their own servers in and when you are using a lot of Oracle apps as what is being done here, it makes sense to use Oracle servers and Middleware where the integration code between modules is already built, code written in other words. Just me speaking out loud here with some data mechanics logic I say we have a few sandboxes in development right now while other engineers are working with the existing code to keep it gimping along until the sandbox coding and reworking of the modules is done and then it is tested and migrated over to the live production site. In addition security with Oracle Fusion Middleware is present and can be configured there as well. That is what makes sense to me as to why send engineers over to secure a site, even though I don't condone having an insecure site out there by all means, that is going to have modules replaced when the coding in the sandboxes is done.
Security with apps and Fusion Middleware that adapts to Oracle versus all the open source Red Hat and Json code written from the CGI team offers a better solution. I like open source by all means but when you have tight time frames to work within and have to write code to integrate where there's no libraries takes a lot of time for sure. So how many sandboxes do you think exist and are being engineered right now?:)
I concur, Dr. MedicalQuack.
Excellent post, MedicalQuack. Most people of the world fail to understand the difference between things that are engineered bottom-up and things that are built out of black-box components that are supposed to magically flow together. For example I am currently working on a project with two different microcontroller makers/families/word-sizes. In one of them, the requirements are straightforward, no pre-existing helpful code exists, our architecture is straightforward, and I get to write a foolproof implementation bottom-up from scratch. The other microcontroller family has available a very useful software demo that I will be productizing from its demo state - I am constrained on my architecture and the resulting design because I need to use most features from the demo in the base application, and the way the demo is written (not production quality) affects the way I have to change it and interface with it.
When you write something bottom-up with a clearly planned architecture, the libraries and APIs are well-defined and documented (hopefully), and integration into any outside systems is usually accounted for in advance. In the case of using disparate web elements written in different languages with library wrappers for other languages, javascript magick, database configuration, integration with anything, and especially newly introduced features and other black boxes that require libraries, wrappers, shit piled on shit piled on shit... it gets messy.
I love this post by grumpynerd. http://www.grumpynerd.com/?p=132
I betcha grumpynerd likes powershell. ROFL.
I bet he downs half a pint of tequila and talks shit about unix shells as he types backslashes with joy.
All that, and then try to make it work with half a dozen government computer systems dating back to when an Apple II+ was state of the art.
10 Going by what we've seen so far,
20 I'd say they wrote the whole thing in BASIC.
30 Goto 10
What. No gosub commands Ebear?
Or ... you can adapt already hardened, well proven code which performs similar processes and modify it only as required to serve the similar functions required by the dot-gov site. And then test the hell out of it to assure changes made are secure and functional before it's dumped on ordinary users.
The idea that fulfilling requirements for this application demands spanking new rocket science code unlike anything else in the known world is laughable. Amazon could have probably built it to work securely and correctly for a fraction of the cost, in half the time, and requiring half the computing resources.
Note the esteemed IRS blew away a billion bucks some years ago to integrate their systems -- which still aren't integrated and have been down on several occasions when I called them ("call back tomorrow and we should be up and running again"). That was likely another "job" handed to some other (or the same) no-bid contractor whose only market is clueless government procuring agencies spending other peoples' money.
Once the coding becomes crystallized then the true costs can be found and the shit will hit the fan.
Clear code is unwanted by the stakeholders.
There will be political tweaks. Has to be. Honesty is a threat.
Cost discovery is a threat.
Quality feedback is a threat.
In Massachusetts. Turn in Florida drivers license to get back Mass license. 5 separate trips. No DUI, back taxes, tickets nothing. DMV got to justify their slack jaw, diaper wearing jobs. And they will, so too all involved in Obamacare. But, good luck with that code trooper, you just keep writing. Wink wink, nod nod, all on the same team, know what I mean, right? A never finished code means there's always a job to go to, right? ........
..honesty is a threat. Yes it certainly is. Add paranoia to the mix and I bet this is a lovely project to work on. I am curious about the mix of personnel Accenture will use on CronyCare. Will they try to skate by with a 80/20 mix of H1B/Offshore to onshore Norte Americanos?
In the near future, CronyCare will produce a few thousand unexplained career gaps on IT resumes like Enron and Worldcom. If someone is dumb enough to admit taking part in its development, I hope they tell me before I make the mistake of hiring them.
But then again, maybe the participants will be proud of their involvement with CronyCare. Up until about 10 years ago, IT was filled with independent types who had a somewhat coherent moral code where political bullshit prevailing over common sense was not as easy as it is now. Now they have been replaced by H1B imports who have zero incentive to call out corruption, immorality and stupidity. The H1Bs are so glad to have a chance to escape their shit hole they will keep their mouth shut and pretend it's all good. Amnesty for IT has already happened and it is mission accomplished.
Like the 80k pages in the Federal Register. Does anyone ever think the coding will be finished? Every year the dynamics and politics will change. Lots of decisions will be based upon 2-3 year junk statistics, plugged in and running. No one will know what the quality of outputs are. We can't even decide who is dictated to obey Obamacare. McDonalds no, Billy Bobs Muffler shops yes. Maybe. This year but not next.
We will have to go full price control on labor, products, services and costs.
This really calls for Venezuelan expertise.
The whole ACA site is magic code that no one wants to touch. They cloned it into a dev/test/prod environment and are trying to make some basic fixes that they roll into prod while they build a new site correctly.
RE: MedicalQuack
Most people engaged in business/results driven jobs learn quickly several key lessons
- Know what you do not know. Either learn it or hire an expert.
- Evaluate the expert by getting an independent auditor to monitor the expert's performance and results.
- Hold the expert accountable for performance before you dole out the cash payments.
Since the White House and most Cabinet Level positions (including Sebelius) are filled by government/political cronies, none of them have the experience to run any functioning organization that produces results. Were it not for their political connections, education from elite schools and the ignorance of the electorate in electing them to high political offices - most would be working in low level jobs in the economy. We are being governed by the highly educated stupids.
If this was Walmart or the Koch Industries web site, the same officials who are charged with protecting the public against cybercrimes (but who don't care about the ObamaCare site), would be pushing themselves in front of the cameras to show the public how vigorously they are going to enforce the law, investigate fraud, catch the hackers, hold large corporations accountable, yada, yada. Well when Uncle Sam seizes the health insurance business of the nation, they become a bigger corporation than all the health insurers combined. Where is the outrage?
this guy better not make any new merc purchases and make his own cups of tea for a while i think.
All these different companies building ObamaCare are building in their own backdoors. Thats why it's so great to be a vendor, even if you get fired, you've had enough time to put your backdoor in...
Hey, the site lasted longer than me.
Jesus H. Christ, why can't we just impeach the motherfucker?
Run for office. Win. Vote to impeach.
Not interested? That's why.
Me no downvote senor.
Jesus H. Christ, why can't we just impeach the motherfucker?
Cause we'd have to impeach Congress first.....and I don't think they're gonna vote to kill themselves.
@Murf c'mon man, get real ! that's only done to lying, impotent, ineffective Presidents who piss all over the Constitution and dishonor their oath of .... wait, hang on a second .. !!
Similar to the bank panics of 1907 and 1911......setting us up for the fix.
next we hear the only way to provide "healthcare" is for the Wall Streeters to create a privately owned secret fed for medicine......
Cloward - Piven anybody ?
Ahhh. And it will be called FEDCARETM. And it will have creative finance. It will be private. It will need another Yellin' clone to run it. It won't be accountable to anybody. BRILLIANT !
The .gov doesn't need your bank info for ACA premium payments. They have NSA hackers to clean out your bank accounts and credit cards for them.
Your social security number is no longer safe. too many entities aside from social security want/need it and now we discover how easy hackers can steal it.
I think I will beat them to it and sell mine to the highest bidder, I may as well keep the money for selling it versus NSA, some bank or corp or hacker.
Do you take bitcoins?
Wait a minute, did not our dear leader himself personally have one of his servants sign him up? That would mean they must have put his personal information including social security number on there hence into public domain.
Someone should get on that....
Ah yes, now if we could get his real name we could find his number........
Frank Marshal Davis, Jr.
swallowing a guys blown wad don't make him yo pappy!
Which # Do you supposed he used?
I believe he has several, They come in handy should you need to cut and run at a moments notice.
I don't know but if it is fraudulent is falsifying insurance applications not a felony, let alone some sort of identity theft / social security fraud?