I'm sitting back in the bahamas enjoying the fruits of my labor, with $1M in my bank account, dedicated Internet to my bungalow and as much rum as I can drink. After 7 months of work, I'm enjoying the fruits of my labor to help make sure the launch of ObamaCare is a wild failure.
I was approached back in March, by a gentleman who will remain un-named, who I will refer to as Marco. Marco approached me with $500K and asked me if I could successfully reverse engineer the upcoming Healthcare.gov implementation and identify the weakest link in the architecture, and make sure on delivery date, this link was exploited. Once successful he said he would wire me another $500K.
It sounded like a worthy challenge, and just like the money men behind the operation I wanted that socialist bastard Obama and his communist medicine program to fail, fail, fail fail. Goddam Muslim!
Early on I knew that some states would launch their own registration portals for ObamaCare, but there were still over half of the states that would be dependent on a centralized system, and the optimal choke point would be the registration process. If people couldn't register, there would be serious frustration, finger pointing and the socialist plot would be a failure.
Knowing that I needed to overload the registration process, I began planning what would be essentially a Distributed Denial of Service (DDOS) attack, but I needed to be smarter, I didn't want it to look like a DDOS attack. It needed to look like business as usual for the launch of the program.
Throughout the spring and summer I prepared my "Army of Enthusiastic ObamaCare Registrants". I created fake names, with fake addresses, complete with local entry points onto the Internet to make it look like my fake registrants were truly coming from all around the country. This would take time, but with some simple malware targeting various demographics I was able to setup a botnet army of home computers to route my healthcare registrants through.
I was prepared, with my silent army waiting in the shadows, and once Healthcare.gov publicly announced I got to work identifying the best parts of the registration process to target. While I found a myriad of poorly engineered bottlenecks, there was one clear target:
https://www.healthcare.gov/ee-rest/ffe/en_US/MyAccountEIDMUnsecuredIntegration/createLiteEIDMAccount
This was the initial point where every user was required to register, and the system behind was a bloated piece of Java shit that would gladly support me in the overloading of its operations. I was sure that there was nothing elastic about this system, and every user needed to interact with it before they could proceed.
I got to work orchestrating my army of registrants to login, attempt to register from IP addresses across the country, spread out at the peak periods of Internet usage, and made sure they pushed refresh, and retried as much as possible. My army of enthusiastic registrants would look like any of the other sheep lining up to the socialist healthcare feeder.
While this target was definitely the anchor in my strategy, I wanted to make sure other secondary targets were also overloaded in different ways, from various locations. There were a number of JavaScript and 3rd party resources used in the registration flow, and I made sure these were adequately slowed, adding to the overall bloat of the ObamaCare registration flow.
All of these attacks were carefully scripted, timed and tested where for the last week I've been able to sit back in my bungalow , enjoying my rum and the fruits of my labor. I'm pretty impressed with myself, and I outdid myself this time. I know from talking with Marco, there were other plans in the works beyond mine, but I only needed to know about my role, and nothing else--it is safer that way.
Take that Obama! America is too great for your socialist, communist, muslim invasion!
