Hacking tool threatens Healthcare.gov site

A new hacking tool called "Destroy Obama Care," circulating on social media, is designed to cripple the Healthcare.gov insurance exchange site. The "Destroy Obama Care" software is rudimentary, though, and security researchers say it probably isn't much of a threat to Healthcare.gov.

A new hacking tool called "Destroy Obama Care," discovered this week by security researchers, is designed to overwhelm the embattled insurance website. Here, President Barack Obama hugs a volunteer at a healthcare rally in Dallas, Texas.

Pablo Martinez Monsivais/AP

November 13, 2013

The Healthcare.gov exchange website has had a rocky launch -- to put it mildly. But in addition to network congestion and poor coding, the embattled site now faces another threat: a distributed denial-of-service (DDoS) tool that's designed to overwhelm Healthcare.gov.

The hacking tool is called "Destroy Obama Care," reports The Wall Street Journal's Danny Yadron, and although it isn't being used yet, security researchers say they have found it available for download and being discussed on several social media networks. The program doesn't contain any viruses; rather, it's meant to generate large amounts of automatic traffic to Healthcare.gov. If enough people were to employ the program, it could overwhelm the website's servers and prevent real users from accessing the site. 

In its current incarnation, though, the tool probably won't succeed in its goal, say researchers at Arbor Networks, a digital defense firm based in Massachusetts, which first discovered the software. Arbor Networks analysts examined the tool's code and determined that although it alternates between calling different areas of the Healthcare.gov site, it has many limitations that make it "unlikely to succeed in affecting the availability of the healthcare.gov site."

Why many in Ukraine oppose a ‘land for peace’ formula to end the war

Nevertheless, the fact that this tool exists continues a trend of denial-of-service attacks being used to right perceived political or governmental wrongs, the Arbor Networks analysis concluded. The program's documentation seems to argue that the software itself is a legitimate form of protest: it notes, "ObamaCare is an affront to the Constitutional rights of the people. We HAVE the right to CIVIL disobedience!"

It's worth mentioning that this argument likely wouldn't hold up in court: the US Department of Justice and other law enforcement agencies have long argued that DDoS attacks constitute computer crime, not a legitimate act of civil disobedience. In October the DoJ indicted 13 men who, as part of the "hacktivist" collective Anonymous, attacked websites belonging to financial companies and the US government in 2010 and 2011.

DDoS attacks are nothing new -- they have been used for years by hackers to overwhelm Web servers in hopes of sending a message to companies, governments, and the public. The most well-known DDoS attacks to date have been performed by Anonymous, which -- in addition to targeting US financial and government sites two years ago -- brought down the Church of Scientology's website in 2008, the Tunisian government's site in 2011, and several US government and copyright sites in 2012.