The roll out of the Healthcare.gov site in the United States has been met with a significant amount of news coverage. Reports have indicated that the site has been inaccessible to some people when they have attempted to visit it. ASERT has no direct knowledge of any significant denial of service attacks directed towards the site. However, ASERT has recently found one tool that is designed to overload the webpage.
The standalone tool is written in Delphi and performs layer seven requests to get the healthcare.gov webpage. The tool alternates between requesting the following URLs:
A screenshot of the tool follows:
As we see in the call-graph below, the request rate, the non-distributed attack architecture and many other limitations make this tool unlikely to succeed in affecting the availability of the healthcare.gov site. It appears this application is available for download from a few a sources and has been mentioned on social media.
ASERT has no information on the active use of this software. ASERT has seen site specific denial of service tools in the past related to topics of social or political interest. This application continues a trend ASERT is seeing with denial of service attacks being used as a means of retaliation against a policy, legal rulings or government actions.
Example MD5: eb0b51567b383ac26eaec23861ea5282