Yes, They ARE Trying To Hack Healthcare.Gov

As if the fledgling Healthcare.gov doesn’t have enough self-inflicted troubles, some on the right are actively attempting to derail the site, and thus “Destroy Obamacare!”

That’s the not-so-subtle name of a homegrown distributed denial-of-service (DDoS) attack tool that’s being advertised for download on some social networks, and which promises to overwhelm the Healthcare.gov website.

“This program continually displays alternate page of the ObamaCare website. It has no virus, Trojans, worms, or cookies. The purpose is to overload the ObamaCare website, to deny serivce [sic] to users and perhaps overload and crash the system,” reads the program’s grammar-and-spelling-challenged “about” screen. “You can open as many copies of this program as you want. Each copy opens multiple links to the site.”

“ObamaCare is an affront to the Constitutional rights of the people,” it adds. “We HAVE the right to CIVIL disobedience!”

(Would-be hacktivists might just want to do a quick check on Federal law regarding DDoS attacks before they take that “right” to “civil disobedience” too seriously.)

This is not to say that these attempts have been successful at bringing the ACA site to its knees.  Marc Eisenbarth, research manager at the DDoS defense firm, Arbor Networks, which brought this scheme to light says it’s not particularly likely to be effective.

Eisenbarth said this DDoS tool most likely can’t deliver what it promises. “The request rate, the non-distributed attack architecture and many other limitations make this tool unlikely to succeed in affecting the availability of the healthcare.gov site,” he said.

Alas, what this means is that someone with a modicum of coding skill thought he’d put out a tool which, if enough people would just act, could hobble the Federal health care site, making it inaccessible to consumers wishing to sign up for coverage. The problem for this dreamer is two-fold: 1) He hasn’t written very good code, and 2) there aren’t actually many people taking him up on the plan.

Still, the dream is alive, and as the ACA site continues to ramp-up to full functionality over the coming weeks, the desire to crash it will undoubtedly grow. So there is a possibility that, were enough ‘home-grown patriots’ to participate, the site could be made inaccessible to some visitors. Overall, though,this is a very amateurish attempt at hacktivism: weakly written, clumsily disseminated, and ultimately ineffective.

But this is also not the only attempt to bring the system down.

Hackers have attempted more than a dozen attacks on HealthCare.gov, the struggling website at the center of President Obama’s signature healthcare law, according to published news reports citing a top US official.

All of the attacks, which occurred from November 6 through November 8, failed and remain under investigation, Acting Assistant Homeland Security Secretary Roberta Stempfley of the Office of Cybersecurity and Communications told a US House of Representatives committee Wednesday….

“We received about 16 reports from HHS that are under investigation and one open source report about a denial of service,” Stempfley told members of the House Homeland Security Committee, according to this report from CNN.

Fortunately, HHS has been very proactive in testing and patching the security of the site which, with social security numbers, e-mail addresses, phone numbers, birth dates, and other personal information, make it a prime target for financially motivated, as well as political, attacks.

By: Sandi Behrns

Sandi Behrns is a noted policy nerd, new media & web developer, and consultant to progressive organizations and campaigns. She is a senior contributor to Liberaland, and the Executive Editor of Progressive Congress News.