Last May, former FCC Chief Information Officer (CIO) David Bray claimed that the agency was “a victim to a distributed denial-of-service (DDoS attack, a scheme in which hackers overwhelm a target site with fake traffic” during the net neutrality fight.
It looks like an upcoming report from the FCC’s inspector general will dispute Bray’s (DDoS) claims that a cyberattack hit the agency’s comment section in May 2017. Instead, it appears that concerned citizens, not bots or fake people, who wanted to show their support net neutrality made the FCC website slow down.
This supposed cyber attack happened after John Oliver of HBO’s Last Week Tonight urged his “viewers to flood FCC comments with support for ‘net neutrality’ legislation.”
A letter from Bray on May 8, 2017, stated that the agency “was ‘subject to multiple distributed denial-of-service attacks” and they “were ‘deliberate attempted by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host.”
The FCC said in July 2017 that the agency could find any “records of such an analysis ever being performed on its public comment system.” This response came after Gizmodo filed a Freedom of Information Act request for information regarding the alleged attack. The website received 16 pages, but most had redactions.
The inspector general’s office has worked on its investigation for several months and has not released the report, but FCC Chairman Pai has released statements on it:
“I want to thank the Office of the Inspector General, both for its thorough effort to get to the bottom of what happened and for the comprehensive report it has issued. With respect to the report’s findings, I am deeply disappointed that the FCC’s former Chief Information Officer (CIO), who was hired by the prior Administration and is no longer with the Commission, provided inaccurate information about this incident to me, my office, Congress, and the American people. This is completely unacceptable. I’m also disappointed that some working under the former CIO apparently either disagreed with the information that he was presenting or had questions about it, yet didn’t feel comfortable communicating their concerns to me or my office.“On the other hand, I’m pleased that this report debunks the conspiracy theory that my office or I had any knowledge that the information provided by the former CIO was inaccurate and was allowing that inaccurate information to be disseminated for political purposes. Indeed, as the report documents, on the morning of May 8, it was the former CIO who informed my office that ‘some external folks attempted to send high traffic in an attempt to tie-up the server from responding to others, which unfortunately makes it appear unavailable to everyone attempting to get through the queue.’ In response, the Commission’s Chief of Staff, who works in my office, asked if the then-CIO was confident that the incident wasn’t caused by a number of individuals ‘attempting to comment at the same time . . . but rather some external folks deliberately trying to tie-up the server.’ In response to this direct inquiry, the former CIO told my office: ‘Yes, we’re 99.9% confident this was external folks deliberately trying to tie-up the server to prevent others from commenting and/or create a spectacle.’
Pai went on to say that the FCC will upgrade its comment section, but has also instilled a new culture where people don’t have to fear or second guess themselves questioning a superior.
FCC Commissioner Jessica Rosenworcel released her own statement:
“The Inspector General Report tells us what we knew all along: the FCC’s claim that it was the victim of a DDoS attack during the net neutrality proceeding is bogus. What happened instead is obvious—millions of Americans overwhelmed our online system because they wanted to tell us how important internet openness is to them and how distressed they were to see the FCC roll back their rights.”
This isn’t the first time people have caught Bray fabricating a story. In August 2017, Bray admitted that he was “the source behind a claim that the FCC was ‘hacked’ in 2014 during the net neutrality debate.” The agency’s security team found no evidence to back the claim.
Motherboard wrote about the supposed attack, “[D]rawing from the statements of a senior FCC official (Bray).” Gizmodo continued:
Motherboard described a “malicious” attack carried out against the FCC, attributing the tip to a high-level agency source: The agency had been “hacked” by “unknown digital assailants” using what was described as “database Denial of Service tactics.” It was an “onslaught,” the site said.Motherboard’s source was so well placed, in fact, the author wrote confidently that the FCC itself had “confirmed” the news. (The claim was supported by a second source as well, who had used words like “exploited” and “assaulted” to describe the incident.)
A former security contractor said that the team “couldn’t find any evidence of an attack” while the agency’s spokesperson said that “[I]f anything, a high volume of traffic caused the collapse.”
[Featured image via YouTube]
CLICK HERE FOR FULL VERSION OF THIS STORY