The FCC Claims A DDoS Attack — Not John Oliver — Crashed Its Website. But Nobody Seems To Believe Them
from the botnet-bravado dept
We just got done noting that the FCC’s commenting system crashed after comedian John Oliver’s latest bit on net neutrality last weekend. Given that Oliver’s first bit on net neutrality did the exact same thing, it didn’t take long before the media wires were filled with stories about how a flood of outraged net neutrality supporters had crippled FCC systems. Again.
But then something interesting happened. The FCC issued a statement (pdf) claiming that the agency’s website didn’t crash because of a flood of annoyed net neutrality supporters, but crashed due to “multiple DDoS attacks” that just happened to have been launched at the exact same time Oliver announced a specially crafted URL (GoFCCYourself.com) to make commenting on the FCC’s net neutrality-killing NPRM easier:
“Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC?s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC. While the comment system remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments. We have worked with our commercial partners to address this situation and will continue to monitor developments going forward.”
And while that may or may not be true, there’s a rising tide of skepticism about the FCC’s statement. For one, requests from multiple news outlets for additional detail on the scope and nature of the attack were met with total silence by the agency. And multiple security experts were quick to point out that there were none of the usual indicators, claims of responsibility or online chatter you see online ahead of many DDoS attacks:
“There don?t appear of be any indications of a DDoS attack in the sensors we use to monitor for such things,? said John Bambenek, a threat intelligence manger at Fidelis Cybersecurity. ?It appears the issue with the FCC is less of a DDoS attack, traditionally defined, and more of an issue of crowdsourcing comments generated by John Oliver and reddit.”
Jake Williams, CEO of cybersecurity firm Rendition InfoSec, said the agency ?offered no support? to prove a DDoS had occurred.
“There was no observed DarkWeb chatter about such a DDoS before or after the event and no botnets that I?m monitoring received any commands ordering a DDoS on the FCC?s site,? Williams said.
Of course that’s not definitive proof that the there wasn’t a DDoS attack, but the fact that the FCC isn’t willing to offer a shred of additional detail — along with the timing of the mystery “attack” — remains curious. And given that this is the same FCC that has spent the last few months claiming that gutting all regulatory oversight and public accountability of some of the least liked and least competitive companies in America somehow “restores freedom,” lying in a feeble attempt to squash the media narrative that a flood of pissed off consumers broke the FCC’s website wouldn’t be out of character for the Ajit Pai-led agecy.
Of course, there’s one way to settle any confusion: the FCC could release logs of its network traffic during the attack. Net neutrality activists were quick to demand as much. As was Senator Ron Wyden, who fired off a letter to the FCC asking for some hard data on the width and breadth of the attack. If it really was a malicious attack — and not just a throng of consumers genuinely annoyed by the FCC’s wave of recent anti-consumer behavior — it shouldn’t be particularly hard to prove.