Arbor Networks’ Security Engineering and Response Team (ASERT) has discovered a denial-of-service tool specifically designed to target the U.S. government’s healthcare enrollment marketplace, Healthcare.gov.
Healthcare.gov is established by the Affordable Care Act (ACA) in the United States, perhaps better known by the neologism “Obamacare.” The ACA is considered by many to be U.S. President Barack Obama’s crown achievement, aiming to provide health insurance to millions of uninsured American citizens. The rollout of the website that supports the ACA has been marred by a seemingly endless and humiliating array of technical problems.
As of yet, ASERT has no information to indicate that any of the downtime experienced on Healthcare.gov is the result if a DoS or distributed denial of service (DDoS) attack.
However, the DoS tool, primarily written in the Delphi programming language, has emerged, and it’s singular purpose is to knock the healthcare exchange offline. The tool reportedly performs layer seven requests to get to the webpage, alternating between healthcare.gov and that same website’s “contact us” page.
Fortunately for many ACA proponents already embarrassed by the exchange’s problematic beginnings, ASERT claims the tool is unlikely to succeed in its attempts to make Healthcare.gov unreachable because of its non-distributed architecture and other limiting factors.
According to the report, the application is available for download from a number of sources and is being distributed on social media networks as well.
“ASERT has no information on the active use of this software,” Arbor Network’s Marc Eisenbarth wrote on the ASERT blog. “ASERT has seen site-specific denial of service tools in the past related to topics of social or political interest. This application continues a trend ASERT is seeing with denial of service attacks being used as a means of retaliation against a policy, legal rulings or government actions.”