Obamacare website riddled with security flaws, experts testify
J.D. Heyes
A panel of IT experts recently testified before a House committee that Americans should not be using the Healthcare.gov website, because the potential for loss of their personal identity and information is just too great.
Four experts testified before the House Committee on Science, Space and Technology, and collectively they cited a number of security flaws in the site which they attributed to the complexity of its 500 million lines of code and a hurried roll-out before the site was properly tested.
Get ready for the bill, taxpayers
One of the experts, David Kennedy, founder of the online security firm TrustedSec, said assessing the risk was easy stuff.
"Just by looking at the website we can see that there is just fundamental security principles not being followed, things that are basic in nature that any security tester, like myself or anyone that we hire to test these sites, would actually test for prior to being released," Kennedy, formerly of the National Security Agency and a one-time cyber-intelligence analyst for the U.S. Marine Corps, said.
As reported by The Washington Free Beacon:
The experts said the personal information of millions of Americans is at risk, including Social Security numbers, birthdays, incomes, home mortgages, and addresses. Rep. Mo Brooks (R., Ala.) called it the "mother lode for identity theft."
"Americans should be scared to death," said Rep. Chris Stewart (R., Utah).
During his testimony, Kennedy simulated a cyber attack in the hearing room. He demonstrated how, on Finder.Healthcare.gov, a hacker could breach a computer, monitor its webcam and swipe passwords.
He said China-based hackers could "absolutely" break into the online marketplace.
Worse, he said the risks would heighten as the president's team insists on keeping the site up and running while attempting to fix it.
Meanwhile, Morgan Wright, a cyber terrorism expert and CEO of Crowd Sourced Investigations, said just attempting to fix a single line of code might open a "Pandora's box."
"You create an unintended series of cascading events you have no control over because you don't have a grasp of what the code is actually doing," he said. "You think you've changed one thing, by doing that you've opened up a Pandora's box of vulnerabilities on the other side."
Kennedy was amazed, saying he has never seen anything like it.
"To be honest with you, I have not seen - and I've worked for Fortune 10, Fortune 50, Fortune 1,000 companies, as well as on the government side - I have not seen an application that pales in comparison to 500 million lines of code, including some of the largest applications you would ever see in the history of man," he said.
And because of the sheer amount of code, the panelists said it wasn't possible to conduct a complete security assessment on the website. Merely reviewing it for security flaws could take as long as six months.
Shut it down? Of course not
Then, of course, there is the issue of actually fixing the flawed code. Yeah, that's not going to be cheap. Kennedy said the current market value of high-end website code is about fifty bucks per line.
"That's where I've been trying to get my head around, just - half a billion lines of code, particularly when you're reaching out and pulling it out of other databases and then standardizing," said Rep. David Schweikert (R., Ariz.). "Does something seem almost absurd?"
"Well, there's also another paradigm, too, that it costs you $1 to fix it before you launch, it will cost you up to $100 to fix it after you launch," Wright countered.
What's worse, the panel said, Healthcare.gov is integrated with other federal agencies, including the Internal Revenue Service.
"It hooks into the IRS, it hooks into DHS, it hooks into Experian, which is a third party," Kennedy said. "You have all of these trusted connections, all these things that make up the site itself, but the pieces that actually make up Healthcare.gov are multiple areas."
"Given Healthcare.gov's security issues, and assuming for the moment that you would be personally responsible for all damages incurred from your advice, would any of you advise an American citizen to use this website as the security issues now exist?" asked Rep. Brooks.
Every witness answered "no," the Free Beacon reported.
Some experts have recommended shutting the site down, but Barack Obama doesn't appear interested in that option.
Sources:
http://www.naturalnews.com/z043055_Obamacare_Healthcaregov_security_flaws.html