14 DAY TRIAL // Security researchers from distributed denial-of-service (DOS) protection solutions provider Arbor Networks have come across a DOS tool that appears to be specifically designed to launch attacks against the main Obamacare website, HealthCare.gov.
The tool has been written in Delphi and is designed to send layer 7 requests to healthcare.gov and healthcare.gov/contact-us. The standalone application can be downloaded from various websites, and it has been advertised on social media platforms.
“This program continually displays alternate page of the ObamaCare website. It has no virus, trojans, worms, or cookies. The purpose is to overload the ObamaCare website, to deny service to users and perhaps overload and crash the system,” reads the description of the tool dubbed “Destroy Obama Care.”
The description continues, “You can open as many copies of the program as you want. Each copy opens multiple links to the site. ObamaCare is an affront to the Constitutional rights of the people. We HAVE the right to CIVIL disobedience!”
Since launch, experts have found numerous security and privacy issues affecting HealthCare.gov. However, Arbor researchers say it’s unlikely that this tool can be successfully used to take down the main Obamacare website, especially since it’s based on a non-distributed attack architecture, has a low request rate, and many other limitations.
So far, Arbor’s Security Engineering and Research Team (ASERT) hasn’t found any evidence that the software is actively used to target HealthCare.gov.
“ASERT has seen site specific denial of service tools in the past related to topics of social or political interest. This application continues a trend ASERT is seeing with denial of service attacks being used as a means of retaliation against a policy, legal rulings or government actions,” Arbor’s Marc Eisenbarth notes in a blog post.