The US press is full of reports that the troubled US Healthcare.gov website appears to have been hit by a Denial of Service attack.
Despite huge amounts of dosh thrown at the site, Healthcare.gov has been plagued with problems since launching on October 1.
This week Security software provider Arbor Networks commented that there were rumors of a new denial-of-service attack crashing the federal online healthcare exchange site but wondered why anyone would say that.
But to be fair to Arbor, a DoS attack is the sort of thing that it was expecting and it had lots of defenses in place to stop it. It is not even sure that a DoS attack is actually happening.
Writing in their bog Arbor researchers said that this particular attack is “unlikely to succeed in affecting the availability of the healthcare.gov site.”
The outfit had recently found one tool that is designed to overload the webpage. The standalone tool is written in Delphi and performs layer seven requests to get the healthcare.gov webpage. The tool alternates between requesting https://www.healthcare.gov and https://www.healthcare.gov/contact-us. But this was also unlikely to work.
Marc Eisenbarth, a research manager for Arbor Security Engineering and Response Team, suggested that there are political motivations behind making the site appear under attack.
He wrote that ASERT has seen site specific denial of service tools in the past related to topics of social or political interest. This application continues a trend ASERT is seeing with denial of service attacks being used as a means of retaliation against a policy, legal rulings or government actions.
Given that the site might be just crashing anyway, it is possible that those who want to see the whole Obama care are stirring up FUD that a DoS attack will steal their data.