david kennedy

David Kennedy the CEO of TrustedSEC.com on Fox News Sunday with Chris Wallace

On Fox News Sunday, David Kennedy the CEO of TrustedSEC.com and former NSA employee and US Marine, revealed more disturbing security breaches within the Healthcare.gov website.  Kennedy testified before Congress in November offering stark warnings to the disturbing security issues but has been readily dismissed by the Obama Administration.

He claims the Healthcare.gov website, as it is currently, is the equivalent of walking up to a car with the windows rolled down and being able to see everything inside. That’s how severe the security breaches run within the system.  He said within the span of four minutes he would have the ability to access 70,000 records.  Fox News Sunday’s host Chris Wallace questioned how he is able to determine this without actually hacking the site and he explained the process.

That’s a great question. There is a technique called — what we call passer reconnaissance, which allows us to queering look at how the website operates and performs. And these type of attacks that, you know, I’m mentioning here in the 70,000 that you’re referencing is very easy to do. It’s a rudimentary type attack that doesn’t actually attack the website itself, it extracts information from it without actually having to go into the system. Think of it this way.Think of something where you have a car and the car doors are open and the windows are open, you can see inside of it. That’s basically what they allow you to do. And there is no real sophistication level here. It is just really wide open. So, there is no hacking actually involved. And 70,000 was just one of the numbers that I was able to go up to. And I stopped after that. You know, and I’m sure it’s hundreds of thousands, if not more and it was done within about a four-minute time frame. So, it’s just wide open. You can literally just open up your browser, go to this and extract all this information. Not actually having to hack the website itself.

If you believe everything David Kennedy is saying, the Obama administration is flat-out lying to you.  Even if it is lying by omission. Here is an example as to why that is true.

The most disturbing portion of the interview was revealing details Kennedy shared about how the security behind the site is in fact no better than it was.   Chris Wallace played a video of Gary Cohen who oversees the Federal Online Marketplace.  Cohen made the claim before Congress “there have been no successful attempts of what anyone has been able to attack the system and penetrate it,” he said. 

Kennedy quickly shoots this comment down in an astonishing response.

 This is one of my favorite ones out of the whole testimony. And so they (inaudible) that there has been no successful hacks that they’ve been able to detect. If you look at — there’s November testimony by Congress that basically said that a third party company was contracted to build out what we call the security operations center, which is what would actually detect these types of attacks. As of November, it hadn’t even been started yet.

So, if you look at how long these security operations centers take to put into play, it takes several months, if not years to actually implement and fully build the attacks out there. So, as of November we have no modern detection. And that, from my understanding, it’s still not happening to this date.

So they’re accurate in their statement. They haven’t detected any attacks on the website, because they don’t have the capability to detect them. And just to throw it in comparison, they said that they only experienced 32 actual attacks on the website. They don’t say what those cause for alarms are. But just a pure statistic, if you have a website that faces the Internet, just purely, you know, not popular, especially not as popular as healthcare.gov, you’re going to exhibit over 200 attacks per week on that website just based on sheer volume alone. So, the 32 marks just shows another capability they don’t have, unfortunately, on the healthcare.gov website.

Kennedy also covered the fact that other sites connected with Healthcare.gov would also be potentially penetrable by accessing through the ObamaCare site, including IRS records.  Kennedy states seven other industry professional groups have drawn the same conclusions stating they also are all experts within their field.  Wallace finished by asking him if the administration had reached out to him for help, and he replied, “Absolutely not. They haven’t. And it’s been offered. And we would do it for free to help out. Unfortunately, there’s been no contact from them.”