Pulse

By GCN Staff

Blog archive

A HealthCare.gov denial-of-service attack tool is found. Really.

As if it didn’t already have enough problems of its own, researchers at Arbor Networks have found a denial-of-service attack tool that targets HealthCare.gov, the main federal health care exchange website.

“Destroy Obama Care!” exhorts the writer of the tool, a self-styled American patriot. “ObamaCare is an affront to the Constitutional rights of the people. We HAVE the right to CIVIL disobedience!”

“It’s pretty lame,” said Marc Eisenbarth, manager of the Arbor Security Engineering & Response Team (ASERT).

An analysis of the tool concluded that it is unlikely to succeed in affecting the availability of the site, and Eisenbarth said that there is no indication that it has been used or that the problems being experienced at HealthCare.gov are anything other than self-inflicted.

The tool at one time was available for download on several sites but has since disappeared. “It’s basically gone,” Eisenbarth said, although no exhaustive search for it has been done.

It was found by ASERT through monitoring of peer-to-peer networks using algorithms to detect politically motivated attacks. The anti-ObamaCare tool was interesting more for its motives and rhetoric than for its content, Eisenbarth said. Rather than using any of the available off-the-shelf DDOS attack tools, it was developed by the author using Delphi, a language that often is traced to Russia although that does not appear to be the case this time. Each copy of the tool opens multiple links that make repeated layer 7 -- application layer -- requests to the site, alternating between the URLs for the site’s home page and the contact page.

The author claims that the tool is intended only to deny service to users of the site “and perhaps overload and crash the system,” and that “it has no virus, trojans, worms or cookies.” Eisenbarth said ASERT found no malicious code in it.

ASERT notified the Centers for Medicare and Medicaid Services, which administers the site, and the Homeland Security Department about the tool, and got a callback from DHS. “We talked them off the ledge,” Eisenbarth said.

Posted by William Jackson on Nov 08, 2013 at 12:04 PM


Reader Comments

Wed, Nov 13, 2013 Cowboy Joe

As lame as y'all make it sound, makes me wonder what side of the fence it's originator's were sittin' on - scallywags that wanna' break it, or varmits that need an excuse.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

resources

HTML - No Current Item Deck
  • Transforming Constituent Services with Business Process Management
  • Improving Performance in Hybrid Clouds
  • Data Center Consolidation & Energy Efficiency in Federal Facilities