“Attack” on FCC over net neutrality was legitimate traffic, report says

Oh, that poor, poor, net neutrality commenting system. If it wasn’t HBO’s John Oliver unleashing his flying monkeys on the Federal Communications Commission (FCC) – him with that site of his, giving people an actual, direct, non-convoluted way to get to the spleen-venting comments page – it was those gosh-darned distributed denial of service (DDoS) attacks.

As you may recall, in May 2017, the FCC was advancing its plan to curtail the USA’s net neutrality rules when Oliver served up an epic 19-minute rant inciting vast mobs of internet users to rise up and demand that the FCC get out of their faces.

At the height of the net neutrality debate, the commenting system struggled under the strain of responding to the mighty onslaught of visitors, leaving people stuck stewing in that spleen for a few days. At the time, FCC CIO Dr. David Bray blamed the bombardment on all those nasty hackers:

These were deliberate attempts by external actors to bombard the FCC’s comment system… While [it] remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments.

Yes. Well. So. Anyway. About those DDoS attacks.

On Monday FCC Chairman Ajit Pai issued a statement ahead of an FCC Office of Inspector General (OIG) report that found that no evidence of DDoS attacks had been found.

The finding came to light after the FCC’s Office of Inspector General (OIG) investigated the supposed DDoS attacks. Pai said he’s glad that the report “debunks the conspiracy theory that my office or I had any knowledge that the information provided by the former CIO was inaccurate and was allowing that inaccurate information to be disseminated for political purposes.”

The fake DDoS news came from all those Obama hires that concocted the fictitious DDoS attacks, Pai said, thereby throwing CIO Bray and his underlings under the bus:

I am deeply disappointed that the FCC’s former [CIO], who was hired by the prior Administration and is no longer with the Commission, provided inaccurate information about this incident to me, my office, Congress, and the American people. This is completely unacceptable. I’m also disappointed that some working under the former CIO apparently either disagreed with the information that he was presenting or had questions about it, yet didn’t feel comfortable communicating their concerns to me or my office.

So if it wasn’t a cyberattack, what was it? According to the OIG report, released Tuesday, the comment system problems were most likely caused by a combination of “system design issues” and a massive surge in legitimate traffic after John Oliver told millions of TV viewers to flood the FCC’s website with pro-net neutrality comments.

The OIG investigators couldn’t “substantiate the allegations of multiple DDoS attacks” that Bray alleged – and which the FCC has alleged for over a year – the report says.

At best, the published reports were the result of a rush to judgment and the failure to conduct analyses needed to identify the true cause of the disruption to system availability.

Granted, the OIG report says, there was a smattering of “anomalous activity.” DoS attempts can’t be entirely ruled out during the period in question, from 7 May 2018 to 9 May 2018. Still, the report says…

We do not believe this activity resulted in any measurable degradation of system availability given the minuscule scale of the anomalous activity relative to the contemporaneous voluminous viral traffic.

The OIG said it was apparent from the get-go that the press releases about cyberattacks seemed to have been pulled out of thin air, given the lack of corroborating documentation:

We learned very quickly that there was no analysis supporting the conclusion in the [FCC] press release, there were no subsequent analyses performed, and logs and other material were not readily available.

Following the initial crash, the FCC explicitly blamed DDoS attacks. From the agency’s original statement:

Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDoS). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC. While the comment system remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments. We have worked with our commercial partners to address this situation and will continue to monitor developments going forward.

The report also found that Pai’s office did nothing to inform the IT department about the oncoming onslaught of John Oliver-prompted traffic:

FCC Management was aware The Last Week Tonight with John Oliver program was considering an episode on the Net Neutrality proceeding but did not share that information with the CIO or IT group.

Bray, the former CIO, said the OIG never contacted him for the report and that he hadn’t had the opportunity to share what he observed or concluded during the incident.

When Gizmodo asked the FCC why investigators hadn’t questioned Bray, it got no response. But according to the publication, Bray has previously leaked “baseless” claims that the FCC was struck by another cyberattack in 2014. He was also the first FCC official to publicly claim that attackers had gone after the comment system last May – in spite of the FCC’s security team having found no evidence of malicious intrusion.

Late on Tuesday, Senator Ron Wyden put out a statement saying that the OIG report shows that the American people were deceived by the FCC and Chairman Pai as they went about doing the bidding of Big Cable.

Easier to do that than to listen to the majority of people who fought for net neutrality, he said:

It appears that maintaining a bogus story about a cyberattack was convenient cover to ignore the voices of millions of people who were fighting to protect a free and open internet.