TrustedSec CEO David Kennedy, the hacking expert who easily cracked the security setup of Healthcare.gov, explained Sunday how he was able to enter the site.
“There’s a technique called, what we call ‘passive reconnaissance,’” Kennedy explained in an interview with Fox News, “which allows us to query and look at how the website operates and performs.”
This attack, along with access to the 70,000 documents of personal information extracted from the site, requires very little work, according to Kennedy. The attack extracts information without the attacker actually having to go into the system.
Kennedy added that extracting the documents took no time at all, about 4 minutes, and that it could be done with a standard browser.
“Think of something where you have a car and the car doors are open and the windows are open — you can see inside of it,” Kennedy said. “That’s basically what they allow you to do and there’s no real sophistication level here.”
Kennedy noted that the website has not gotten any safer since its conception, and that security may have even gotten worse over the past two months.
According to TrustedSec, the health care website fails to meet even basic security practices for protecting sensitive personal information.