While an utter lack of execution in the development process is likely the biggest problem causing the newly unveiled HealthCare.com website from working properly, the discovery of a distributed denial of service (DDoS) attack tool designed to overwhelm the site probably does not help matters.
The simple tool, discovered by researchers, has been making the rounds on several social media sites including Facebook and a number of torrent sites where users can download the malicious script.
“It appears this application is available for download from a few a sources and has been mentioned on social media,” the researchers said.
A denial of service attack is very low tech, and simply requires an aggressor to overwhelm a web server with so many requests at such a rapid rate that the system crashes. One way to achieve the volume and frequency required is to “crowd-source” the attack by enlisting a large number of participants.
A tool like the one designed to target HealthCare.gov can be widely dispersed for this purpose, and thus provide the foundation for a “distributed” attack such as those favored by hacktivist groups in the past.
Thus far the campaign has been largely unsuccessful, and there is no evidence that the tool in question has been successfully employed to cause any downtime for the HealthCare.com website.
“The request rate, the non-distributed attack architecture and many other limitations make this tool unlikely to succeed in affecting the availability of the healthcare.gov site,” the researchers concluded.
Read More Here…