The Obamacare Web site debacle has angered many citizens, but one hacking group has vowed to “Destroy Obama Care!” Actually, the hacktivists go by that very name.
Destroy Obama Care has created a distributed-denial-of-service (DDoS ) tool that’s available for free download online. The hacker code aims to bring down the Healthcare.gov Web site, which has already had a slew of challenges servicing citizens.
“This program continually displays alternate page of the ObamaCare Web site. It has no virus, Trojans, worms, or cookies,” according to the group’s home page. “The purpose is to overload the ObamaCare Web site, to deny serivce [sic] to users and perhaps overload and crash the system. You can open as many copies of this program as you want. Each copy opens multiple links to the site."
Could it Backfire?
Destroy Obama Care isn’t doing anything entirely new here. The nefarious hacktivist group Anonymous took a similar approach with Low Orbit Ion Cannon (LOIC), which is essentially an open source network stress testing and DDoS attack app. Anybody can download and use it. Anonymous used LOIC to spark a widespread attack against PayPal.
We asked Joseph Lorenzo Hall, a senior staff technologist at the Center for Democracy & Technology, for his feedback on Destroy Obama Care. He told us the group could be asking for trouble.
“People need to realize that just because you hate Obamacare doesn’t mean you can engage in criminal activity to try to affect the technical functionality of Healthcare.gov. It sounds like this group is masterminding this type of campaign,” Hall said.
“Even if they claim that they are doing it on the up and up just by loading web pages, the intent is there. They are essentially distributing an attack tool. That’s going to get someone in trouble. The FBI is probably on it already,” he added.
How Serious Is It?
In a blog post, Marc Eisenbarth, an analyst at security firm Abor Networks, said the hacking tool is written in Delphi and performs layer seven requests to get the Healthcare.gov Web pages. As he sees it, “the request rate, the non-distributed attack architecture and many other limitations make this tool unlikely to succeed in affecting the availability of the Healthcare.gov site. It appears this application is available for download from a few a sources and has been mentioned on social media.”
Hall doesn’t think it would be too difficult for the government to stop because the in-progress attack likely gives off a regular signal that can be easily detected. Then again, he said, he’s not sure if the government has the security chops to see these types of issues.
“There have been so many egregious security flaws and the ones that have been exposed lately are not hypothetical. They are actually pretty serious,” Hall said. “I’d like to think the government is using some readily available high-grade mitigation tools like CloudFlare. There are very sophisticated companies that design tools that can stop this stuff pretty easily.”