New DoS attack directed at Healthcare.gov

New DoS attack directed at Healthcare.gov

Summary: Healthcare.gov can't catch a break.

SHARE:
zdnet-arbornetworks-ObamaCare_screenShot

Healthcare.gov has been plagued with problems since launching on October 1, and given how widely reported its vulnerabilities are, it's should come as no surprise that hackers are tapping into them.

Security software provider Arbor Networks pinpointed a new denial-of-service attack on the federal online healthcare exchange site.

But before things get out of control (more so than they already are), it should be immediately noted that Arbor researchers posited in a blog post on Thursday that this particular attack is "unlikely to succeed in affecting the availability of the healthcare.gov site."

Regardless, the report suggests that the DoS attack could be making the site inaccessible to some visitors trying to access "https://www.healthcare.gov" and "https://www.healthcare.gov/contact-us."

Of course, that could also be attributed to the infrastructure of the website to begin with. But Marc Eisenbarth, a research manager for Arbor Security Engineering and Response Team, pointed toward political motivations behind this attack, which is gaining awareness via social media.

ASERT has no information on the active use of this software. ASERT has seen site specific denial of service tools in the past related to topics of social or political interest. This application continues a trend ASERT is seeing with denial of service attacks being used as a means of retaliation against a policy, legal rulings or government actions.

Arbor also noted in its report that it hasn't seen any more "significant" DoS attacks on the federal website yet either.

Screenshot via Arbor Networks

Topics: Security, Government US, Health, Privacy, Tech Industry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

113 comments
Log in or register to join the discussion
  • Hactivism?

    Healthcare.gov strikes me as an obvious target if you're a politically motivated hacker (or mere script kiddie) with Conservative/libertarian leanings. I'm afraid we're going to see a lot more of this from U.S. partisans on both sides in the next couple of years (I hope I'm wrong).

    One more thing to fix. It's probably a good thing that the security issue is being exposed now.
    John L. Ries
    • "the" security issue?

      seriously, that site is so bad it will serve as a good example for years to come
      wizardjr
      • Really?

        Most I talk to say it's working fine now.
        NoAxToGrind
        • LOL all 6 0f them

          remember, they have to reach a certain number for the whole program to be successful and the problem is that number is sketchy to begin with
          ScanBack
          • Lots of Luck Gov.Gov

            I'll put money on them not reaching 7 million in the timeframe they have set. Next step raise taxes to pay for the difference.
            BadDog40
    • John I. Ries view on Hactivism

      In these days of misinformation, disinformation, outright lies, and lies about lies, I would say it's just as plausible for the culprit to be an administration fan out to provide cover for the continuing failure of the site.

      Yeah, any day now we will here how the system was almost up and running at full speed until some hacker came along. Not my fault, says he.
      daddybdg@...
      • You sure it wasn't...

        ...some good hearted, but misguided opponent of the administration doing his part for freedom? Or maybe a garden variety vandal who did it because he could? Sabotage seems like a long shot to me as it makes the administration look even less competent on IT issues than it did before (not a hallmark of good public relations).
        John L. Ries
        • Sheesh.

          Sick sad part of all this? Now Obama and Co. have an out so they can blame all those rotten hackers and strengthen cyberlaws.

          Couldn't pry the Blackberry out of his hand during the campaign, now he acts like it's Kryptonite.
          EditorialGeek
        • who knows?

          I can get used to the administration looking less competent re: IT. 10 years ago we were having glitches of monstrous proportions in Iraq, thousands dying-Cheney lying and piling up a bill that my grandchildren will not be capable of paying off for another useless war.
          deanpatrick
    • Redundant - Healthcare.gov is a denial of service

      First day, 6 served. They must be up to 227 by now.
      greywolf7
      • Even if it's 227, they will have enrolled to just receive the benefits, but

        not to pay for the services. Likely, most people that enroll will be of the "Medicaid" variety, where they don't have to pay for anything. The people that Obamacare wants the most, won't be enrolling, and those are the people the system needs in order to pay for all benefits.
        adornoe
      • Medicaid

        80% of whatever number they announce are on Medicaid. They pay nothing. Taxpayers pay.
        BadDog40
      • Make no mistake healthcare.gov will not be fixed by end of November

        I don't believe there's a chance in Hades that it will be fixed by the end of November 2013 (Nov 2014, yes). Many people will sacrifice their entire month of Nov and Thanksgiving holiday and it will be improved somewhat but it will still be subpar, frustrating, and problematic. I do expect there will be declarations of victory and more denials during December until they are once again forced to admit its a bigger problem than they thought.
        greywolf7
    • Hmmm ...

      John L. Ries wrote:
      "an obvious target if you're a politically motivated hacker (or mere script kiddie) with Conservative/libertarian leanings"

      By "Conservative/libertarian leanings", are you by any chance referring to the Tea Party?
      Rabid Howler Monkey
      • Not as an institution

        I don't think Freedom Works is surreptitiously hiring or training "hacktivists", but individuals do all sorts of stupid things.
        John L. Ries
        • You, as an individual, are doing lots of stupid things,

          and you do a stupid thing every time you make your highly partisan comments with no proof whatsoever to back them up.
          adornoe
          • Hello pot

            This is kettle.
            harrim47
          • harrim47: Can't handle the truth?

            There is no pot, and there is no kettle.

            There is truth, and then there are the lies.

            The truth will remain the truth, no matter how much in denial you or John L. Ries continue to be in.
            adornoe
    • The Obamacare site didn't need to be hacked, and the

      "politically motivated" charge is just another excuse by those in the administration to, again, point fingers at others, instead of themselves.

      The hole design and coding of the web site is a disaster, and the people who created it did a better job at "disabling" it, than any hacker could ever do. When a system doesn't work to begin with, there is no need to hack it or perform a DoS against it.

      Now, stop being such an apologist for a disastrous administration.
      adornoe
      • adornoe: "The Obamacare site didn't need to be hacked"

        Apparently, the creator(s) and users of the healthcare.gov DOS tool disagree with you. Am happy to know that you are not among those using this tool to attack healthcare.gov. :)
        Rabid Howler Monkey