Pulse

By GCN Staff

Blog archive

A HealthCare.gov denial-of-service attack tool is found. Really.

As if it didn’t already have enough problems of its own, researchers at Arbor Networks have found a denial-of-service attack tool that targets HealthCare.gov, the main federal health care exchange website.

“Destroy Obama Care!” exhorts the writer of the tool, a self-styled American patriot. “ObamaCare is an affront to the Constitutional rights of the people. We HAVE the right to CIVIL disobedience!”

“It’s pretty lame,” said Marc Eisenbarth, manager of the Arbor Security Engineering & Response Team (ASERT).

An analysis of the tool concluded that it is unlikely to succeed in affecting the availability of the site, and Eisenbarth said that there is no indication that it has been used or that the problems being experienced at HealthCare.gov are anything other than self-inflicted.

The tool at one time was available for download on several sites but has since disappeared. “It’s basically gone,” Eisenbarth said, although no exhaustive search for it has been done.

It was found by ASERT through monitoring of peer-to-peer networks using algorithms to detect politically motivated attacks. The anti-ObamaCare tool was interesting more for its motives and rhetoric than for its content, Eisenbarth said. Rather than using any of the available off-the-shelf DDOS attack tools, it was developed by the author using Delphi, a language that often is traced to Russia although that does not appear to be the case this time. Each copy of the tool opens multiple links that make repeated layer 7 -- application layer -- requests to the site, alternating between the URLs for the site’s home page and the contact page.

The author claims that the tool is intended only to deny service to users of the site “and perhaps overload and crash the system,” and that “it has no virus, trojans, worms or cookies.” Eisenbarth said ASERT found no malicious code in it.

ASERT notified the Centers for Medicare and Medicaid Services, which administers the site, and the Homeland Security Department about the tool, and got a callback from DHS. “We talked them off the ledge,” Eisenbarth said.

Posted by William Jackson on Nov 08, 2013 at 12:04 PM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.