ADVERTISEMENT

Experts: Obamacare Website Security Getting Worse

'White Hat Hacker' David Kennedy says Obamacare website's security has deteriorated since last November

January 16, 2014

Professional hacker and web expert David Kennedy testified Thursday on Capitol Hill the Obamacare website's security issues have not improved since his prior testimony last November, Fox News reports.

In fact, Kennedy said, many of the vulnerabilities have actually gotten worse:

DAVID KENNEDY: Healthcare.gov is not secure today. And nothing's really changed since the November 19th testimony. In fact, from November 19th testimony it's even worse. Additional security researchers have come into play, providing additional research, additional findings, that we can definitely tell that the website is not getting any better.

According to a Reuters interview published today, Kennedy and other technical experts say the site's deficiencies are detectable without even hacking into it.

One identified security flaw could potentially allow a hacker to upload a malicious code and commandeer other users' computers:

Kennedy and his peers who reviewed his work ahead of Thursday's hearing said the site still has serious security vulnerabilities that can be viewed from the outside.

"The site is fundamentally flawed in ways that make it dangerous to people who use it," said Kevin Johnson, one of the experts who reviewed Kennedy's findings.

Johnson said that one of the most troubling issues was that a hacker could upload malicious code to the site, then attack other HealthCare.gov users.

"You can take control of their computers," said Johnson, chief executive of a firm known as Secure Ideas and a teacher at the non-profit SANS Institute, the world's biggest organization that trains and certifies cyber security professionals.

[...]

Yet Kennedy said he identified many other problems on his own, conducting what is known as "passive analysis" of the site, by using an ordinary Web browser and other softwaretools to look at HealthCare.gov's content and architecture from the outside.

He said he did not take the additional step of hacking into the site to look for other problems because he did not have permission from the government.

Full segment: