A man who was once the FBI's most wanted hacker says Healthcare.gov is a cybercriminal's dream.
Kevin Mitnick has been a legend in the hacking world since his 1990s heyday, but he's now playing for the good guys and sent a dire message to a congressional security panel on the ObamaCare website on Thursday.
'It's shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices,' he wrote in a letter submitted to panel chairman Lamar Smith, a Texas Republican.
Mitnick served five years in prison for hacking into corporate computers and stealing software after a three-year cat and mouse game with federal authorities.
After he got out in 2000, he put his unparalleled hacking prowess to use helping the sorts of companies he once burglarized.
'It's clear that the management team did not consider security as a priority,' said the Las Vegas-based security expert.
In 2011, Mitnick told America his tale of intrigue and technological feats in the memoir Ghost in the Wires.
Now he's telling the nation to watch out for people like him out to exploit the site's shoddy security.
Mitnick was backed up by David Kennedy, CEO of consulting firm TrustedSec LLC.
'HealthCare.gov is not secure today,' Kennedy told the House Science, Space and Technology Committee.
HealthCare.gov is the consumer web portal to a 36-state federal health insurance marketplace, which offers private insurance, with federally subsidized rates for some consumers. The 14 other states have built their own marketplaces.
'It's shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise,' said Mitnick, who served five years in prison for his crimes
Mitnick told America his story of cyber intrigue in the 2011 memoir Ghost in the Wires. Now, by writing a letter of warning to Congress, he's telling the nation to watch out for people like him
Kennedy said 'nothing has really changed' since a hearing of the same committee in November, when he and three other expert witnesses said they believed the site was not secure and three of them said it should be shut down immediately.
'I don't understand how we're still discussing whether the website is insecure or not,' said Kennedy, who worked for the National Security Agency and the U.S. Marine Corps before entering the private sector. 'It is insecure -- 100 percent.'
Before the hearing, Kennedy told Reuters the government has yet to plug more than 20 vulnerabilities that he and other security experts reported to the government shortly after HealthCare.gov went live on October 1. Hackers could steal personal information, modify data, attack the personal computers of website users and damage the infrastructure of the site, Kennedy said in an interview.
The Centers for Medicare and Medicaid Services (CMS), the federal agency responsible for HealthCare.gov, said in a statement to Reuters, 'There have been no successful security attacks on Healthcare.gov and no person or group has maliciously accessed personally identifiable information from the site.'
CMS said Kennedy's methodology undermined his findings: 'Because this individual had no direct access to the operations of the HealthCare.gov website, the information in the report is based on assumptions, not fact.'
The agency's information security chief also publicly tried to reassure lawmakers that the site is safe.
The CMS chief information security officer, Teresa Fryer, said the website underwent end-to-end security testing on December 18 and met all industry standards.
'The (federal marketplace) is secure. In many instances, we have gone above and beyond what is required, with layered protection, continuous monitoring and additional penetration testing,' Fryer said before the House Oversight panel.
As the hearings took place, Republicans sought to amplify their anti-Obamacare message by advancing another bill to tweak the law. The legislation, which passed by a 259-154 vote, would require the Obama administration to issue weekly enrollment statistics.
The White House considers the transparency bill another Republican attempt to hamstring implementation of its healthcare reform. However, 33 Democrats voted for the measure, as some Democrats are eager to cast targeted votes critical of the healthcare program, in case they think they need it during their election campaigns.
Last week, the House passed a Republican measure that would require the government to notify Americans within two days if their personal information on HealthCare.gov has been compromised.
Read more: http://www.dailymail.co.uk/news/article-2540930/Worlds-greatest-hacker-blasts-shameful-Healthcare-gov-minimal-security-protections.html#ixzz2qfxEztQ8