GAO Will Investigate The FCC's Dubious DDoS Attack Claims
from the somethin'-fishy-goin'-on dept
You might recall that when HBO comedian John Oliver originally tackled net neutrality on his show in 2014, the FCC website crashed under the load of concerned consumers eager to support the creation of net neutrality rules. When Oliver revisited the topic last May to discuss FCC boss Ajit Pai’s myopic plan to kill those same rules, the FCC website crashed under the load a second time. That’s not particularly surprising; the FCC’s website has long been seen as an outdated relic from the wayback times of Netscape hit counters and awful MIDI music.
But then something weird happened. In the midst of all the media attention Oliver was receiving for his segment, the FCC issued a statement (pdf) by former FCC Chief Information Officer David Bray, claiming that comprehensive FCC “analysis” indicated that it was a malicious DDoS attack, not angry net neutrality supporters, that brought the agency’s website to its knees:
“Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC?s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.”
But security researchers who studied that claim found none of the usual indicators that would normally precede such an attack. And subsequent news outlet FOIA requests wound up showing that not only does there appear to have never been any such attack, there was no “analysis” conducted or documented. When media outlets began noticing that something fishy was going on, the FCC issued a punchy statement accusing the media of being “completely irresponsible,” while claiming it had plenty of data proving its attack claims (its FOIA responses to journalists state the complete opposite) — it just didn’t want to show its hand.
Most FCC watchers think there’s two options here. One, the FCC was incompetent and misread John Oliver viewers as a DDoS attack, then tried to cover up said incompetence. Or the FCC knew it wasn’t a DDoS attack, but constructed the narrative to try and downplay media coverage of the plan’s unpopularity, then tried to cover that up. The former is certainly in character, but the latter would go hand in hand with the agency’s apathy toward whoever has been spamming the FCC’s website with fraudulent “support” for what is fairly uniformly seen as shitty policy and a mindless hand out to big telecom.
Heeding calls for something vaguely resembling an answer, the General Accounting Office (GAO) has agreed to launch an investigation into what actually happened at the FCC:
“A spokesman for the Government Accountability Office (GAO) confirmed it has accepted a request from two Democratic lawmakers to probe the distributed denial of service (DDoS) attack that the FCC said disrupted its electronic comment filing system in May. The spokesman said that the probe, which was first reported by Politico, is ?now in the queue, but the work won?t get underway for several months.”
While this story will likely get buried by more pressing news, this inquiry could be notably important in regards to the FCC’s attempts to scuttle net neutrality. If the GAO inquiry finds that the FCC was inept or engaged in a cover up, that could raise all manner of procedural questions over whether the FCC was serving the public interest and following established agency protocol. Combined with the agency’s obvious apathy to the fact that some group is engaged in fraud to generate bogus support for killing net neutrality, whatever the GAO finds could provide some very interesting fodder for the lawsuits to come.
Filed Under: ajit pai, david bray, ddos, fcc, gao, net neutrality
Comments on “GAO Will Investigate The FCC's Dubious DDoS Attack Claims”
“but the work won’t get underway for several months”
And by that time the media cycle will be onto the next stupidity thing.
It’s common sense to know that something is fishy about the FCC tall tale, yet until its dis-proven it will be used as needed to support various claims.
Is it really bullshit if we don’t discover the proof until the cowchip has fully dried out?
Maybe we should just move to Mos Eisley, at least their travel brochure admits they are all liars and cheats.
Re: Re:
Way too late. We’ve been on the next stupidity thing after the last stupidity thing after the prior stupidity thing after FCC stupidity thing.
Maybe even further.
Re: Re:
Don’t be too worried about the timing. Due to the nature of FCC rule changes, this change may end up “going live” around the same time as the GAO investigation is tying up. That will keep them both in the same news cycle. If the truth about the system came out now, months before the rules were finalized, the public might forget about it before the final push to keep the FCC from doing something stupid.
there’s a hell of a lot more about the present FCC that needs investigating, particularly the total absence of consideration by Pai for the very people, the general public, that he and his opoes are supposed to be protecting!!
Re: Re:
That is a feature, not a bug according to the people who put him there.
From the FCC’s point of view, is there really any difference between a bunch of people who disagree with them, making their options known; and a DDoS attack?
Re: Re:
One of them is a bunch of unwanted traffic comprised of nothing but gibberish that they couldn’t care less about beyond it affecting the ability for their site to function.
The other is a DDoS attack.
The GAO will find that the FCC doesn’t have servers and that the non servers were in Kushner’s linen closet.
GAO will find the FCC was an alt-attack by an alt-DDOS that affected their alt-computers.
It’s been the Government Accountability Office since 2004. Just a heads up.
GAO… wonderful! They’ll find real, hard evidence of what actually took place.
Too bad we’ve abandoned that old-timey “evidence based” notion. We can still check Twitter, though, to find out what REALLY happened.
"Beginning on Sunday night at midnight,
Presumably correct.
our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos).
Probably wrong if only for ‘multiple’.
These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host.
Dead on.
These actors were not attempting to file comments themselves;
Correct.
rather they made it difficult for legitimate commenters to access and file with the FCC."
This is flat-out wrong, considering (iirc) John Oliver’s show was directing people to it with every intention of filing legitimate comments- but perhaps it’s correct if you realize that the legitimate comments they’re complaining were made difficult to file were the ones in support of slashing NN.
So really, everything they said is perfectly correct!
The dog ate the evidence.
Honest!
Re: The dog ate the evidence.
The cableco/telco’s lapdog that is.
The Slashdot effect
The GAO will find it was the Slashdot effect which will lead to the FCC wanting to shut down Slashdot.