The Federal Communications Commission (FCC) is facing more accusations that it lied about being the target of a distributed denial-of-service (DDoS) attack that temporarily took down a comment section of its website, preventing people from voicing their opinion on net neutrality.
Last year, on May 7, comedian John Oliver asked viewers to submit comments to the FCC and speak out in support of net neutrality. However, the comment submission section wasn’t available at the time the program aired.
The FCC said it was because its system was hit by “multiple external distributed-denial-of-service (DDoS)” attacks due to an overwhelming amount of site traffic. Its claim was investigated by the US Government Accountability Office (GAO), but no solid evidence or documentation to support the claim has been released.
Accused of misleading the media
This week, a report by Gizmodo revealed how David Bray -- the FCC’s chief information officer between 2013 and June 2017 who was responsible for maintaining the comment system -- pushed the narrative that the comments section was taken down due to a cyberattack.
The report was based on redacted emails received through the Freedom of Information Act (FOIA) by American Oversight. It suggests that Bray tried to push the cyberattack narrative with claims that the public comment system had been the target of a similar attack in 2014. Bray even said former FCC chairman Tom Wheeler didn’t reveal this attack publicly “out of concerns of copycats.”
Coincidentally, both the 2014 and 2017 comment system outages occured right after Oliver used his HBO show to call on viewers to submit comments to the FCC in favor of saving net neutrality rules.
No evidence to support DDoS claim
According to Gizmodo, internal emails revealed that the “FCC conducted a quiet campaign to bolster its cyberattack story.”
“Internal emails reviewed by Gizmodo lay bare the agency’s efforts to counter rife speculation that senior officials manufactured a cyberattack, allegedly to explain away technical problems plaguing the FCC’s comment system amid its high-profile collection of public comments on a controversial and since-passed proposal to overturn federal net neutrality rules,” the report said.
“The FCC has been unwilling or unable to produce any evidence an attack occurred -- not to the reporters who’ve requested and even sued over it, and not to U.S. lawmakers who’ve demanded to see it. Instead, the agency conducted a quiet campaign to bolster its cyberattack story with the aid of friendly and easily duped reporters, by spreading word of an earlier cyberattack that never happened.”
Researchers doubt DDoS attack
Cybersecurity experts have expressed skepticism over the FCC’s claim that it was the target of a DDoS attack after Oliver’s program aired in May of last year.
“There don’t appear to be any indications of a DDoS attack in the sensors we use to monitor for such things,” John Bambenek, a threat intelligence manager at Fidelis Cybersecurity, said at the time. “It appears the issue with the FCC is less of a DDoS attack, traditionally defined, and more of an issue of crowdsourcing comments generated by John Oliver and Reddit.”
“There was no observed dark web chatter about such a DDoS before or after the event and no botnets that I’m monitoring received any commands ordering a DDoS on the FCC’s site,” said Jake Williams, CEO of cybersecurity firm Rendition InfoSec.
“This is a smoking gun”
Evan Greer, the deputy director of Fight for the Future, a consumer advocacy group focused on digital rights, described the emails as “a smoking gun.”
“The FCC lied to reporters, and to Congress, in order to obscure the fact that they utterly failed to maintain a legitimate public comment process, as they are legally required to do, in their net neutrality repeal proceeding. Overseeing the FCC is Congress’ job,” Greer wrote.
“Voters from across the political spectrum overwhelmingly oppose the gutting of net neutrality,” Greer continued. “No one wants their cable company controlling what they can see and do on the internet. Inaction is unacceptable. Any member of Congress who remains silent and fails to sign the discharge petition should prepare to face the Internet’s wrath come election time.”