GAO Will Investigate The FCC's Dubious DDoS Attack Claims

from the somethin'-fishy-goin'-on dept

You might recall that when HBO comedian John Oliver originally tackled net neutrality on his show in 2014, the FCC website crashed under the load of concerned consumers eager to support the creation of net neutrality rules. When Oliver revisited the topic last May to discuss FCC boss Ajit Pai's myopic plan to kill those same rules, the FCC website crashed under the load a second time. That's not particularly surprising; the FCC's website has long been seen as an outdated relic from the wayback times of Netscape hit counters and awful MIDI music.

But then something weird happened. In the midst of all the media attention Oliver was receiving for his segment, the FCC issued a statement (pdf) by former FCC Chief Information Officer David Bray, claiming that comprehensive FCC "analysis" indicated that it was a malicious DDoS attack, not angry net neutrality supporters, that brought the agency's website to its knees:

"Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC."

But security researchers who studied that claim found none of the usual indicators that would normally precede such an attack. And subsequent news outlet FOIA requests wound up showing that not only does there appear to have never been any such attack, there was no "analysis" conducted or documented. When media outlets began noticing that something fishy was going on, the FCC issued a punchy statement accusing the media of being "completely irresponsible," while claiming it had plenty of data proving its attack claims (its FOIA responses to journalists state the complete opposite) -- it just didn't want to show its hand.

Most FCC watchers think there's two options here. One, the FCC was incompetent and misread John Oliver viewers as a DDoS attack, then tried to cover up said incompetence. Or the FCC knew it wasn't a DDoS attack, but constructed the narrative to try and downplay media coverage of the plan's unpopularity, then tried to cover that up. The former is certainly in character, but the latter would go hand in hand with the agency's apathy toward whoever has been spamming the FCC's website with fraudulent "support" for what is fairly uniformly seen as shitty policy and a mindless hand out to big telecom.

Heeding calls for something vaguely resembling an answer, the General Accounting Office (GAO) has agreed to launch an investigation into what actually happened at the FCC:

"A spokesman for the Government Accountability Office (GAO) confirmed it has accepted a request from two Democratic lawmakers to probe the distributed denial of service (DDoS) attack that the FCC said disrupted its electronic comment filing system in May. The spokesman said that the probe, which was first reported by Politico, is “now in the queue, but the work won’t get underway for several months."

While this story will likely get buried by more pressing news, this inquiry could be notably important in regards to the FCC's attempts to scuttle net neutrality. If the GAO inquiry finds that the FCC was inept or engaged in a cover up, that could raise all manner of procedural questions over whether the FCC was serving the public interest and following established agency protocol. Combined with the agency's obvious apathy to the fact that some group is engaged in fraud to generate bogus support for killing net neutrality, whatever the GAO finds could provide some very interesting fodder for the lawsuits to come.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ajit pai, david bray, ddos, fcc, gao, net neutrality


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That Anonymous Coward (profile), 17 Oct 2017 @ 6:23am

    "but the work won’t get underway for several months"

    And by that time the media cycle will be onto the next stupidity thing.

    It's common sense to know that something is fishy about the FCC tall tale, yet until its dis-proven it will be used as needed to support various claims.

    Is it really bullshit if we don't discover the proof until the cowchip has fully dried out?

    Maybe we should just move to Mos Eisley, at least their travel brochure admits they are all liars and cheats.

    link to this | view in chronology ]

    • identicon
      kallethen, 17 Oct 2017 @ 7:35am

      Re:

      And by that time the media cycle will be onto the next stupidity thing.

      Way too late. We've been on the next stupidity thing after the last stupidity thing after the prior stupidity thing after FCC stupidity thing.

      Maybe even further.

      link to this | view in chronology ]

    • icon
      R.H. (profile), 18 Oct 2017 @ 9:12am

      Re:

      Don't be too worried about the timing. Due to the nature of FCC rule changes, this change may end up "going live" around the same time as the GAO investigation is tying up. That will keep them both in the same news cycle. If the truth about the system came out now, months before the rules were finalized, the public might forget about it before the final push to keep the FCC from doing something stupid.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Oct 2017 @ 6:25am

    there's a hell of a lot more about the present FCC that needs investigating, particularly the total absence of consideration by Pai for the very people, the general public, that he and his opoes are supposed to be protecting!!

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Oct 2017 @ 7:34am

      Re:

      That is a feature, not a bug according to the people who put him there.

      link to this | view in chronology ]

  • icon
    Bt Garner (profile), 17 Oct 2017 @ 6:59am

    From the FCC's point of view, is there really any difference between a bunch of people who disagree with them, making their options known; and a DDoS attack?

    link to this | view in chronology ]

    • icon
      That One Guy (profile), 17 Oct 2017 @ 7:21am

      Re:

      One of them is a bunch of unwanted traffic comprised of nothing but gibberish that they couldn't care less about beyond it affecting the ability for their site to function.

      The other is a DDoS attack.

      link to this | view in chronology ]

  • icon
    Berenerd (profile), 17 Oct 2017 @ 7:15am

    The GAO will find that the FCC doesn't have servers and that the non servers were in Kushner's linen closet.

    link to this | view in chronology ]

  • identicon
    Baron von Robber, 17 Oct 2017 @ 7:25am

    GAO will find the FCC was an alt-attack by an alt-DDOS that affected their alt-computers.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Oct 2017 @ 7:33am

    It's been the Government Accountability Office since 2004. Just a heads up.

    link to this | view in chronology ]

  • icon
    Vidiot (profile), 17 Oct 2017 @ 7:51am

    GAO... wonderful! They'll find real, hard evidence of what actually took place.

    Too bad we've abandoned that old-timey "evidence based" notion. We can still check Twitter, though, to find out what REALLY happened.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Oct 2017 @ 9:27am

    "Beginning on Sunday night at midnight, Presumably correct.

    our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). Probably wrong if only for 'multiple'.

    These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. Dead on.

    These actors were not attempting to file comments themselves; Correct.

    rather they made it difficult for legitimate commenters to access and file with the FCC." This is flat-out wrong, considering (iirc) John Oliver's show was directing people to it with every intention of filing legitimate comments- but perhaps it's correct if you realize that the legitimate comments they're complaining were made difficult to file were the ones in support of slashing NN.

    So really, everything they said is perfectly correct!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Oct 2017 @ 10:55am

    The dog ate the evidence.

    Honest!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Oct 2017 @ 8:49am

    The Slashdot effect

    The GAO will find it was the Slashdot effect which will lead to the FCC wanting to shut down Slashdot.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.