The FCC Claims A DDoS Attack -- Not John Oliver -- Crashed Its Website. But Nobody Seems To Believe Them

from the botnet-bravado dept

We just got done noting that the FCC's commenting system crashed after comedian John Oliver's latest bit on net neutrality last weekend. Given that Oliver's first bit on net neutrality did the exact same thing, it didn't take long before the media wires were filled with stories about how a flood of outraged net neutrality supporters had crippled FCC systems. Again.

But then something interesting happened. The FCC issued a statement (pdf) claiming that the agency's website didn't crash because of a flood of annoyed net neutrality supporters, but crashed due to "multiple DDoS attacks" that just happened to have been launched at the exact same time Oliver announced a specially crafted URL (GoFCCYourself.com) to make commenting on the FCC's net neutrality-killing NPRM easier:

"Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC. While the comment system remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments. We have worked with our commercial partners to address this situation and will continue to monitor developments going forward."

And while that may or may not be true, there's a rising tide of skepticism about the FCC's statement. For one, requests from multiple news outlets for additional detail on the scope and nature of the attack were met with total silence by the agency. And multiple security experts were quick to point out that there were none of the usual indicators, claims of responsibility or online chatter you see online ahead of many DDoS attacks:

"There don’t appear of be any indications of a DDoS attack in the sensors we use to monitor for such things,” said John Bambenek, a threat intelligence manger at Fidelis Cybersecurity. “It appears the issue with the FCC is less of a DDoS attack, traditionally defined, and more of an issue of crowdsourcing comments generated by John Oliver and reddit."

Jake Williams, CEO of cybersecurity firm Rendition InfoSec, said the agency “offered no support” to prove a DDoS had occurred.

"There was no observed DarkWeb chatter about such a DDoS before or after the event and no botnets that I’m monitoring received any commands ordering a DDoS on the FCC’s site,” Williams said.

Of course that's not definitive proof that the there wasn't a DDoS attack, but the fact that the FCC isn't willing to offer a shred of additional detail -- along with the timing of the mystery "attack" -- remains curious. And given that this is the same FCC that has spent the last few months claiming that gutting all regulatory oversight and public accountability of some of the least liked and least competitive companies in America somehow "restores freedom," lying in a feeble attempt to squash the media narrative that a flood of pissed off consumers broke the FCC's website wouldn't be out of character for the Ajit Pai-led agecy.

Of course, there's one way to settle any confusion: the FCC could release logs of its network traffic during the attack. Net neutrality activists were quick to demand as much. As was Senator Ron Wyden, who fired off a letter to the FCC asking for some hard data on the width and breadth of the attack. If it really was a malicious attack -- and not just a throng of consumers genuinely annoyed by the FCC's wave of recent anti-consumer behavior -- it shouldn't be particularly hard to prove.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Anonymous Anonymous Coward (profile), 10 May 2017 @ 9:46am

    But Nobody Seems To Believe Them

    Why would they? Given the misdirection and outright lies told in support of current activities, precedent exists to NOT believe them.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 10 May 2017 @ 11:40am

      Re: But Nobody Seems To Believe Them

      Disbelief is the default condition.

      All unsupported claims by politicians or C-suite execs are lies. Even those with supporting evidence are full of lies.

      reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 10 May 2017 @ 9:52am

    Having seen this other story about a bot flooding the same comment using real peoples names, who haven't signed up to send messages, had me wondering if the DDOS was just a misconfigured bot trying to astroturf.

    http://www.zdnet.com/article/a-bot-is-flooding-the-fccs-website-with-fake-anti-net-neutral ity-comments/

    Or perhaps the influx of actual people using the website & other methods to be heard made it hard for the bot to post the same message over & over.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 May 2017 @ 10:01am

    It was a DDOS.

    Just not an automated one. John Oliver makes his broadcast and then a lot of customers who are Distributed nationwide respond, attacking the FCC policies and making known their dislike of recent changes.

    From the FCC pov..
    Q: Were packets coming in from a wide variety of locations?
    A: Yes

    Q: Was the level of traffic high enough to bring down our system?
    A: Yes

    Conclusion: OMG! We're being subjected to a DDOS!!! After all, the number real people who are actually interested in our actions and policies is small and our web site can easily support a few people every second.

    reply to this | link to this | view in chronology ]

  • icon
    Not an Electronic Rodent (profile), 10 May 2017 @ 10:09am

    well, close

    FCC was subject to multiple distributed denial-of-service attacks

    Surely the "denial of service" is coming from the FCC? That's what all those people were trying to complain about, right?

    reply to this | link to this | view in chronology ]

  • identicon
    GetRidOfPai, 10 May 2017 @ 10:27am

    Pai could get fired

    Opinion

    Just my own hope that Pai could end up without a job if it's found that he lied.

    Either he lied or doesn't understand technology. Either means he's not fit for the position he holds.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 May 2017 @ 10:28am

    The comments section IS being Astroturfed by 'Anti Net-Neutrality' bots, read the logged comments. Brittany Lastname1, Brittany Lastname2, Brittany Lastname3, Britteny Lastname 4, etc, all with the same copy-paste comment. Hmmm.....

    reply to this | link to this | view in chronology ]

    • icon
      justinoob (profile), 11 May 2017 @ 11:11pm

      Re:

      exactly. i went to the site tuesday evening and it was a list of "brittany" s and "brian"s, spelled in every odd permutation, with a canned message about "the unprecedented regulatory power [of the] obama adminitstration..."
      they were flooding their own site w/ pro-pai/fcc spam.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 May 2017 @ 10:34am

    hen your decision has already been made, anything that suggests you are wrong has to be explained away, so DDOS it was.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 10 May 2017 @ 12:32pm

      Re:

      I am not surprised at what is happening here. Likely FCC has hired a third party to run its service to avoid a repeat of the last storm on their site. Because the third party vendor doesn't want to admit that their service was overloaded by the storm of commenters that the system didn't load correctly/fast enough, which caused a lot of impatient users to continuously refresh: You end up with something that looks like a DDoS attack.

      It would not be the first time in history such a thing has happened and it will happen again and again. DDoS is such an extremely convenient excuse because it is almost impossible to disprove.

      reply to this | link to this | view in chronology ]

  • identicon
    Brittany Lastname1, 10 May 2017 @ 2:07pm

    When the 2016 Australian online census fell over they claimed it was a DDOS attack too. There was no evidence for it being true then either - and everything pointed to it just not being set up to handle the traffic.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 May 2017 @ 2:09pm

    'Cuz We Said So

    This is totally in keeping with the new administration's general game-plan for handling its failures and countering its critics. Lie, and when questioned, repeat the lie louder or stonewall with a disdainful "asked-and-answered" reply.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 May 2017 @ 2:29pm

    As far as I can tell, the submission of comments isn't working. I put in a comment with all necessary information and the submit button on the review step does nothing.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 May 2017 @ 6:30am

    Site bogged down and can't load > you can't leave a commemt > your session didn't leave a commemt, so obviously you're just part of a DDOS.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 May 2017 @ 2:05pm

    Taken at face value, another explanation works. Someone in the cable industry saw Oliver's thing and launched a DDoS to block the pro-neutrality comments that were going to come in from the public. They wouldn't talk about it on the dark net because they already have the means to launch it themselves, or just contact a DDoS for hire firm.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 12 May 2017 @ 3:09am

    The agency that cried 'We care about protecting the public!'

    Funny that, when an agency lies so often that it's assumed to be the default mode of communication from it no-one believes it even if they are telling the truth.

    Who would have thought?

    reply to this | link to this | view in chronology ]

  • identicon
    Tk, 12 May 2017 @ 10:19am

    I personally find it interesting that many of the same folks who are militantly pushing for the FCC to be in charge of the internet also are quick to assume that the agency is too incompetent to run a working website. The future under net neutrality is bright indeed.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 12 May 2017 @ 2:35pm

      'Companies that offer internet service' does not equal 'The internet'

      I personally find it interesting that many of the same folks who are militantly pushing for the FCC to be in charge of the internet also are quick to assume that the agency is too incompetent to run a working website.

      You must be reading a strange version of TD, as I'm not aware of anyone here that holds that position. Keep companies in check such that they don't get to play kings, 'graciously' granting some sites/companies preferential treatment in exchange for payment in some form or another sure(ideally anyway, as the current stooge in charge of the agency cares nothing about the public), but that's significantly different than being in charge of the internet.

      reply to this | link to this | view in chronology ]

      • icon
        The Wanderer (profile), 13 May 2017 @ 4:52am

        Re: 'Companies that offer internet service' does not equal 'The internet'

        Yep.

        AFAIK, nobody is pushing for the FCC to be in charge of the Internet.

        What some people are pushing for is for the FCC to have specific authority over the Internet-access market, which could be spun as giving them (limited) control of that market, but not of the Internet itself.

        There are at least two distinct things which get conflated under the same name:

        • Access to the Internet, also known as "Internet service". This is what ISPs originally provided, and is what would - and should - qualify for common-carrier status: the connection and the pipe. I believe the FCC calls this "communications services", or words to that effect.

        • Services on and over the Internet - E-mail servers and search engines, for example. I believe the FCC calls this "information services". ISPs also often provide these, but they need to be kept separate from the previous category, and treated / regulated differently.

        (Arguably "the Internet itself" or "the actual Internet" should be a third distinct thing, but I'm having a hard time defining it cleanly in a way that doesn't have too much overlap with "services on and over".)

        The first, key mistake which led us to the current market situation was failing to maintain the distinction between those two things.

        Back in (I think) the early noughts, or possibly the late '90s, some of the major ISPs successfully argued both A: that the second type of services are correctly classified as information services, and B: that since ISPs do usually provide services of the second type (E-mail accounts, for example) as well as of the first, they should be classified and regulated under the second category.

        They somehow hoodwinked the regulators into failing to recognize that most ISPs actually provide two distinct types of services, which need to be regulated separately.

        reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.