Journalist Sues FCC For Hiding Details About Its Alleged, Phantom DDOS Attack
from the calling-your-bluff dept
You might recall that when John Oliver did his latest piece on net neutrality, the FCC’s comment system ground to a halt under the load of viewers pissed to realize that the FCC is trying to kill popular consumer protections protecting them from buffoonery by the likes of Comcast. But the FCC then did something odd: it claimed that a DDOS attack, not HBO’s hit show, resulted in the website’s issues. A statement issued by the FCC proclaimed that extensive “analysis” by the FCC had led the agency to conclude that it had suffered the attack at roughly the same time Oliver’s program had ended:
“Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC?s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.”
The problem: security experts saw no evidence that claim was true in publicly available logs, and saw none of the usual indicators preceding such an attack. And the FCC ever since has been bizarrely cagey, refusing to provide any evidence whatsoever supporting its claim. The FCC was subsequently prodded by several Senators as to the nature of the attack, but the FCC still refused to share any real data, despite agency boss Ajit Pai repeatedly, breathlessly insisting he would be a stalwart defender of transparency at the agency.
And when Gizmodo recently filed a FOIA request for anything regarding the nature of the attack, the FCC first released seventeen pages of nonsense, before admitting it had no documented “analysis” proving an attack as previously claimed. When additional websites began to point out that the FCC’s behavior here was a little odd, the agency sent out a strangely-punchy press release lambasting news outlets for being “irresponsible.”
So what’s really happening here? The unsubstantiated journalist guess du jour is that the FCC bizarrely made up a DDOS attack in a feeble attempt to downplay the “John Oliver effect” in the media. “We weren’t inundated by millions of people angry that we’re killing popular consumer protections solely to the benefit of Comcast,” this narrative suggests, “we were unfairly attacked!” The fact that there never actually was a DDOS attack would go a long way toward explaining the Trump FCC’s subsequent inability to provide any evidence supporting the claim, even under pressure from Congress.
Hoping to flesh this theory out a bit, journalist Kevin Collier last week filed a lawsuit against the FCC (pdf) not only demanding more data on the agency’s supposed DDOS attack, but also urging the FCC to provide some insight on what it’s doing to address the wave of bogus, bot-produced anti-net neutrality comments flooding the agency’s website in recent months:
“Collier said his records request was prompted by the FCC?s ?weird and cagey? inclination to obscure details about the incident. ?The fact that they gave Gizmodo such a runaround in its own request for internal ?analysis? of the attack just goes to show this,? he said. ?I want to know the full story.? Sen. Ron Wyden, Democrat of Oregon, told Gizmodo last week the FCC?s actions raised ?legitimate questions about whether the agency is being truthful when it claims a DDoS attack knocked its commenting system offline.?
Again, the refusal to address fraudulent anti-net neutrality comments being made at the FCC website (like the one made in my name), combined with the FCC’s bizarre, phantom DDOS attack, has many believing the FCC is actively engaged in an intentional, amateurish attempt to downplay the massive backlash to their assault on net neutrality. And while it’s entirely possible the FCC is just being non-transparent and generically stupid here, if it can be proved the agency actively lied about a DDOS attack then covered it up simply to downplay the immense unpopularity of its policies, the inevitable lawsuits against the agency in the wake of its final vote to kill the rules could get very interesting.
Filed Under: ddos, fcc, foia, kevin collier, public records
Comments on “Journalist Sues FCC For Hiding Details About Its Alleged, Phantom DDOS Attack”
They are afraid
The bots that were given root access to write false support on the site would be revealed if they had to show proof of their claim.
If you look at it from their point of view, they were indeed hit by a DDoS. They just neglect to mention the fact that instead of it being bot controlled, it was done by all the people watching John Oliver’s show. So it was a DDoS attack at in its most basic form, caused by to many people trying to go there at the same time. Reminds of the old Slashdot effect. Sometimes when an interesting article would appear on this site for a time afterward the site would be overloaded with page requests and not respond.
So basically the FCC website got Slashdoted.
Re: Re:
No, it didn’t, because it’s hosted by a robust cloud service company instead of at a central server location.
Re: Re: Re:
“robust cloud service company”
Just how robust? A quick host lookup on fcc.gov shows Akamai, but they may only serve static content depending on the level of service you pay for. If they only use it for static content and they have centralised DB or other vulnerable infrastructure design. In fact, “cloud” doesn’t mean invulnerable to DDOS, it just means that a well designed site is less likely to have problems with a decent provider.
Re: Re: Re: Re:
And Akamai doesn’t show unusual activity when the phantom DDoS took place but yeah, you are right.
Re: Re: Re:
It’s cute that you expect competence from the current administration.
Re: Re: Re:
The website may be hosted by Akami, but a few years ago, their entire site was down for several days while they physically moved their server infrastructure to a new building. They obviously haven’t put the backend servers into a scalable cloud yet. That tells me they have a very limited backend to support requests from the frontend. DDoS via normal heavy user requests without overloading the front end possible? Check.
Re: Re:
The Slashdot effect still lives on in the Reddit Hug of Death.
Re: DDOS versus legitimate overload requires human judgement
I’m with Nathan F and others — whether a heavy traffic load is a DDOS or the slashdot effect is very much a human opinion, and a value judgement, too.
That is, if John Oliver cared to talk up techdirt, techdirt can expect an unprecedented load on the site functionality. If there’s enough broken browsers or packet loss out there, or techdirt’s ISP (or maybe just comcast) is full of something besides good stuff, it looks just like a DDOS attack.
We call “good” traffic the traffic eventually sourced by human beings on an individual basis, but really good AI can generate something that is hard to distinguish, and it gets really complicated when you remember that Russia had a paid army of people putting the russian slant on things and generally fanning the flames of discord.
Re: Re:
That wasn’t an attack.
Re: Re: Re:
Exactly. There wasn’t an attempt to cause a service disruption. It was quite the opposite, actually.
Re: Re:
Distraught Denizens overloading System? The only one trying to ‘deny service’ is the FCC.
The amusing thing is that in purely technical terms, there’s no difference between a DDOS attack and an unusually high level of legitimate traffic. The only difference is the number of independent actors involved and their intent. Believe me, both as a sys admin and a customer, there’s nothing more annoying than a marketing campaign that leaves servers unprepared for the traffic that gets to them, and for all intents and purposes it might as well be a DDOS when that happens.
The question is merely how they quantify the following:
“These actors were not attempting to file comments themselves”
In order to honestly make that claim, they should have evidence in support of it, so show us your log files.
Re: Re:
While the effects may be similar, there certainly is a difference. Just as there is a difference between, say, self defense and murder.
Ahh, so there is a difference. My point, exactly.
pathological liar...
…seems to fit Ajit Pai’s FCC.
Re: FCC liar...
.
…step back from the minutiae here and observe the much larger picture …. if the FCC leadership is demonstrably dishonest & actively working against the public interest — then the government-regulatory-model of economic/social improvement is fundamentally flawed.
This type of “independent” behavior by government regulatory personnel is very common. So consider the overall implications for average citizens in relation to their government.
Re: Re: then the government-regulatory-model of economic/social improvement is fundamentally flawed.
Considering it works in other countries, I think the more reasonable conclusion is that the US has no idea how to implement it.
“if it can be proved the agency actively lied about a DDOS attack then covered it up simply to downplay the immense unpopularity of its policies, the inevitable lawsuits against the agency in the wake of its final vote to kill the rules could get very interesting.”
There is plenty of evidence that they lied and you don’t need any documentation that’s not already public anyway to prove they lied. Pai is the one who will have to “produce” documents proving public knowledge wrong. And that’s pretty much impossible.
If I may suggest, you (Techdirt or at least Mike) should join the party and at the very least fill an amicus brief calling attention to your own name being used fraudulently and the total lack of will to fix it displayed by the FCC.
And if it’s proven the FCC lied then sue Pai himself for his actions.
If Pai wants to ignore the people and screw them at the very least lets make his life legally miserable.
Re: Re:
Two words: Qualified immunity.
Re: Re: Re:
He’s not qualified for his job, so maybe he’s not qualified for immunity, either. Wait… that’s exactly why they came up with ‘qualified immunity’ in the first place, isn’t it? Damn. Got my hopes up for a second, there.
Re: Re:
I’m waiting for people who had their names fraudulently used to file a class action “Right to be forgotten” lawsuit. Sure, there’s no US law regarding that, but as TD has reported, it hasn’t stopped others….
And at that point, where would TD fall on this? A government website is hosting known false information tying thousands of people to views they do not hold. Is it free speech? Fraud? Something else?
Re: Re: Re:
Perhaps Slander? Whom besides Pai and Comcast want their names associated with killing net neutrality.
You've been told that those comments are in no degree or way binding on the FCC: you are NOT voting, the numbers aren't actually important.
You admit that Oliver flooded the system with specific urging, which is essentially same as other attempts to manipulate: artificial. Ginned up “grassroots” is ginned up, not “grassroots”.
You state those other attempts, and therefore state that the comments are tainted.
You keep whining that FCC ignores your own snowflake butthurt, because you’re highly important among millions. After all, you’ve been “prattling”, your word from profile, for decades now.
You keep insisting that the FCC ignore all “false” anti-neutrality comments, which is simply trying end-around to what you want, “neutrality”, though have never defined specifics that will definitely have desired effects without drawbacks. — You seem to want the Wild West phase to continue, or so I gather from your prattling. If wrong here, it’s your fault for not having bullet* points.
You don’t admit possibility that the FCC may not know, be able to determine, or may not care about cause of the comment flood: again, those comments are NOT binding!**
NOW you’re ecstatic over start of drawn-out and quite likely failing attempt to pry out meaningless data, not even knowing if available or clear.
Last and best, you ignore that even if got ALL data including internal memos and other items available in the surveillance state, proved beyond doubt that Oliver caused the crash not some DDOS, and everyone in the FCC lied up and down about that fact, is STILL irrelevant for the decision, which is NOT based on comments, but entirely on other factors! No court will ever bother digging into it.
And then pushed out this text plunk in the middle of exactly NO important topics.
Going to be another Classic Techdirt day.
—
* I can only hope that 2nd Amendment-hating Stephen T Stone doesn’t assert that “bullet” is more hidden “dog whistle” code threatening violence!
** Commenting at FCC is EXACTLY like my comments here, just a way to have feeling of input. But at least I know better! Enjoy your rant for itself, kids, but don’t expect any results! It’s just a mild vice, wasting time!
Re: You've been told that those comments are in no degree or way binding on the FCC: you are NOT voting, the numbers aren't actually important.
“Going to be another Classic Techdirt day.”
Nah, I’m bored now, work week’s over and I’m off to the pub in the sun. If you weren’t so familiar, I’d say you got started waaay before me, but sadly I know your poor state of mental health.
Re: Re: You've been told that those comments are in no degree or way binding on the FCC: you are NOT voting, the numbers aren't actually important.
And yet it’s amusing how he keeps feeding on those Classic Techdirt Days he hates so much.
There are many places in the internet that I could criticize like the trolls here but I simply don’t bother because it won’t be constructive commentary. I still read them because it’s good to be in touch with different points of view even when you know they are flawed. But seriously, if I ever bother to write my critic it will have plenty of evidence and explaining in it, not factless rants like this one.
Re: Re: Re: You've been told that those comments are in no degree or way binding on the FCC: you are NOT voting, the numbers aren't three lullabies in an ancient tongue for the Court of the Crimson King.
Yes, but you’re not getting any more "in touch" with those different points of view the 700th time the same guy expresses them in the same way than the 699th.
Re: Re: Re:2 You've been told that those comments are in no degree or way binding on the FCC: you are NOT voting, the numbers aren't three lullabies in an ancient tongue for the Court of the Crimson King.
True, and that’s why I don’t read daily like an obsessive maniac like this troll.
Re: Re: Re:3 You've been told that those comments are in no degree or way binding on the FCC: you are NOT voting, the numbers aren't three lullabies in an ancient tongue for the Court of the Crimson King.
I do read daily (or, usually, 5 days a week); I like most of the articles, and there’s good discussion in the comments, aside from the trolls repeating the same nonsense ad nauseam. I probably do spend too much time here, but I’ve increased the overall quality of the experience by blocking the anons.
Re: You've been told that those comments are in no degree or way binding on the FCC: you are NOT voting, the numbers aren't actually important.
“You admit that Oliver flooded the system with specific urging, which is essentially same as other attempts to manipulate: artificial.”
So a bot posting automated fraudulent comments is the same as Oliver airing a very informative piece leading to his viewers actively commenting not even using boilerplate text. Right.
Your comment is full of defeatism. I feel sad for you. Sure a ton of comments may pale in terms of ‘power’ compared to the fat paychecks he was promised or is already receiving but at the very least they show there is plenty of opposition and this can be used in other channels. It’s a good thing that most people still fight instead of declaring defeat like you do. That’s wht helped repeal SOPA for instance. And there are plenty of examples of where even the smallest activism being effective when reaching critical mass.
And it has its regular dose of bullshit. The definition of NN is pretty clear. You just don’t like it. Among others I won’t bother to address.
“** Commenting at FCC is EXACTLY like my comments here, just a way to have feeling of input. But at least I know better! Enjoy your rant for itself, kids, but don’t expect any results! It’s just a mild vice, wasting time!”
Then please employ your defeatism to this as well and go away, you are annoying.
Re: You've been told that those comments are in no degree or way binding on the FCC: you are NOT voting, the numbers aren't actually important.
I’m sorry, I couldn’t understand you. Could you take Pai’s cock out of your mouth first?
Re: You've been told that those comments are in no degree or way binding on the FCC: you are NOT voting, the numbers aren't actually important.
There’s a guy round here that likes to eat paint. I think you two would really get along. You could go out for a Ttianium White milkshake, get to know each other. Maybe fall in love,and have a couple of children with an odd number of chromosomes. Finally find the happiness you seek in his pale anemic arms.
I think the one thing we can all agree on is the FCC is doing a shitty job of communicating, and that is a really bad look for a group with “communication” in their name.
Read this good piece from a commentor on Reddit. This one was detailed with several sites linked proving his point of the FCC outright lying. There is a lot in there and I haven’t had time to go through all of the details but I was impressed with the time it must have taken to gather all the data.
Doesn't Help FCC's Narrative
The funny thing is, even if the DDoS attacks were real, it doesn’t help the FFC’s narrative at all.
If the attacks were real, what that would really signify is that a malicious and well-funded interest saw the John Oliver piece, and was afraid that real people might make their voice heard following his segment.
In other words, the best case for the FCC is to take this as admission that someone is trying to manipulate the normal democratic process in favor of the telcos.
“These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.”
Ok then. Release the stats for how many comments were filed leading up to and during the attack. If it’s a flat line, then the claim of a DDOS attack sounds *slightly* more believable. If there was a steady increase, chances are it was the flood of comments that took the system offline.
Why have publications and politicians been dancing around directly calling Ajit Pai a liar? Is there some concern about slander, a misplaced attempt to appear neutral, or whta?
Re: Re:
Some are trying to be polite by not publicly calling names and instead just pointing out the inconsistencies and letting people draw their own very obvious conclusions. Of course, if the shoe were were on the other foot you can bet things would be quite different with all sorts of accusations and name calling even if the evidence showed otherwise.
Wasn’t there a failed (/postponed?) push to remove internet-oversight from the FCC and put it in an already permanently neutered commission?
Proving its ineptitude might be a contingency plan that gets rid of the FCC entirely.
And while it’s entirely possible the FCC is just being non-transparent and generically stupid here,…
Never attribute to stupidity that which is adequately explained by Ajit Pai’s greed.
FCC's goin slow?
Here’s the funny thing,
I NEVER WANTED THE FCC TO CONTROL THE INTERNET. EVER.
I CONSISTENTLY SAID THIS.
POWER AND FREQUENCY mismanaged the day they ripped up their original mission statement.
NETWORK mismanaged the day they stole authority. (sic)
YOU ALL LOVE THIS.
YOU ALL SAID YOU WANTED IT.
YOUR GOING TO HALT WORK TO STOP IT? NATIONAL STRIKE? NO? then shut up.
Re: FCC's goin slow?
Nobody (or at least nobody here) ever wanted the FCC to control the Internet.
We just wanted someone (with the FCC being in the best position to do so) to limit the ability of ISPs to control the Internet.
Re: I TOLD YOU SO!!!
I TOLD YOU SO that I wanted to not the Department of Transportation to control the Distribution of Paint Chips!
The Department of Transportation is regulation Pain chips! because it regulates ROads and you use Roads to get Paint Chips. Just “like” how the FCC “controls” th e Internet by controlling the isps!!! Because of you “Control” a “thing” that is used to get to a different Thing, then you are controlling the Thing! It’s So Simple! Don’t you Sycophantic “idiots” understand how very Simple the things I say are! They make “sense”! So much sense!
Because I am so very “smart”. You can tell that I am Smart becaus I spend so much time saying I am Smart, which is what “smart” people do.
Every Nation eatst the Paint chips it Deserves!