Hacking tool threatens Healthcare.gov site

A new hacking tool called "Destroy Obama Care," circulating on social media, is designed to cripple the Healthcare.gov insurance exchange site. The "Destroy Obama Care" software is rudimentary, though, and security researchers say it probably isn't much of a threat to Healthcare.gov.

Pablo Martinez Monsivais/AP
A new hacking tool called "Destroy Obama Care," discovered this week by security researchers, is designed to overwhelm the embattled insurance website. Here, President Barack Obama hugs a volunteer at a healthcare rally in Dallas, Texas.

The Healthcare.gov exchange website has had a rocky launch -- to put it mildly. But in addition to network congestion and poor coding, the embattled site now faces another threat: a distributed denial-of-service (DDoS) tool that's designed to overwhelm Healthcare.gov.

The hacking tool is called "Destroy Obama Care," reports The Wall Street Journal's Danny Yadron, and although it isn't being used yet, security researchers say they have found it available for download and being discussed on several social media networks. The program doesn't contain any viruses; rather, it's meant to generate large amounts of automatic traffic to Healthcare.gov. If enough people were to employ the program, it could overwhelm the website's servers and prevent real users from accessing the site. 

In its current incarnation, though, the tool probably won't succeed in its goal, say researchers at Arbor Networks, a digital defense firm based in Massachusetts, which first discovered the software. Arbor Networks analysts examined the tool's code and determined that although it alternates between calling different areas of the Healthcare.gov site, it has many limitations that make it "unlikely to succeed in affecting the availability of the healthcare.gov site."

Nevertheless, the fact that this tool exists continues a trend of denial-of-service attacks being used to right perceived political or governmental wrongs, the Arbor Networks analysis concluded. The program's documentation seems to argue that the software itself is a legitimate form of protest: it notes, "ObamaCare is an affront to the Constitutional rights of the people. We HAVE the right to CIVIL disobedience!"

It's worth mentioning that this argument likely wouldn't hold up in court: the US Department of Justice and other law enforcement agencies have long argued that DDoS attacks constitute computer crime, not a legitimate act of civil disobedience. In October the DoJ indicted 13 men who, as part of the "hacktivist" collective Anonymous, attacked websites belonging to financial companies and the US government in 2010 and 2011.

DDoS attacks are nothing new -- they have been used for years by hackers to overwhelm Web servers in hopes of sending a message to companies, governments, and the public. The most well-known DDoS attacks to date have been performed by Anonymous, which -- in addition to targeting US financial and government sites two years ago -- brought down the Church of Scientology's website in 2008, the Tunisian government's site in 2011, and several US government and copyright sites in 2012.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.