(image by healthcare.gov) DMCA
There's talk that the ACA/Obamacare/Healthcare.gov website
been hacked by right-wingers?
That's the story buzzing around the web, twitter,
In a nutshell, the buzz is reporting that Homeland security
has identified at least 16 hack attacks on the healthcare.gov
website. This is based on testimony before the House Homeland
Security Committee, by Roberta Stempfley, acting assistant
secretary of the Department of Homeland Security's Office of
Cyber-security and Communications , shown in this youtube video
, which also reports that there was a
distributed denial of service attack, (DDOS) which failed. Denial
of service attacks aim to disable a website by overwhelming it with
too many attempts to access the site, thus overloading the
Informationweek.com has an article, Hackers Threaten Destruction Of Obamacare
, which reports,
"Destroy Obama Care!"
That's the not-so-subtle name of a homegrown distributed
denial-of-service (DDoS) attack tool that's being advertised for
download on some social networks, and which promises to overwhelm
the Healthcare.gov website.
"This program continually displays alternate page of the ObamaCare
website. It has no virus, Trojans, worms, or cookies. The purpose
is to overload the ObamaCare website, to deny serivce [sic] to
users and perhaps overload and crash the system," reads the
program's grammar- and spelling-challenged "about" screen. "You can
open as many copies of this program as you want. Each copy opens
multiple links to the site."
"ObamaCare is an affront to the Constitutional rights of the
people," it adds. "We HAVE the right to CIVIL disobedience!"
Marc Eisenbarth, of Arbor Security Engineering and Response
Team (ASSERT) commented in a blog post
, that the "Destroy
Obamacare" DDOS attack, because of it's " architecture and many
other limitations make this tool unlikely to succeed in affecting
the availability of the healthcare.gov site." Eisenbarth also
" ASERT has seen site specific denial of service tools
in the past related to topics of social or political interest.
This application continues a trend ASERT is seeing with
denial of service attacks being used as a means of retaliation
against a policy, legal rulings or government
The Informationweek.com article also mentions that half of
DDOS attacks are ideological in nature. The publisher of the
"Destroy Obamacare" website characterizes the DDOS as civil
disobedience, and others have referred to this kind of activity as
hacktivism. But the Informationweek.com article adds,
"What of the "Destroy Obama Care!" tool's premise that
it allows users to exercise their right to civil disobedience? On
this front, the tool's author has read his or her U.S. legal code
incorrectly. Indeed, U.S. law enforcement agencies have vigorously
prosecuted people who launch DDoS attacks against any
On the left, people are commenting and tweeting things
Right wingers are posting comments like:
The fact is, DDOS attacks are very common. It is likely that
any website that evokes an ideological response will have some DDOS
experiences. This website has repeatedly experienced DDOS attacks
over the years. The answer is for the server management team to
build a robust defense system that detects DDOS attacks and
responds to them.
I would guess that the healthcare.gov site has actually had
many more than 16 attempted hacks. This has become so common that
it is barely news and not an acceptable excuse for the failure of
the site to operate as it should.
As far as the "Destroy Obamacare" website, it is likely that
people using it are not masking their IP addresses, which will make
them easy targets for prosecution. I have mixed feelings about
that. Should politically motivated DDOS attacks be considered
hacktivist civil disobedience comparable to protesters blocking
sidewalk access to buildings? Or should DDOS hackers be prosecuted
as criminals, even terrorists. With the recent sentencing of
Stratfor hacker Jeremy Hammond, it is essential that any
prosecution of people engaging in digital political be carefully
considered and evaluated in light of the rights of protesters and
free speech. If the Supreme Court can declare that money is speech,
is it unreasonable to consider that DDOSs are also a form of
expression, just as shouting over a speak is?
|The views expressed in this article are the sole responsibility of the author
and do not necessarily reflect those of this website or its editors.