FCC Says It Has No Documentation of Cyberattack That It Claims Happened

An anonymous reader quotes a report from The Hill: The Federal Communications Commission (FCC) declined to reveal analysis proving that it was the victim of a cyberattack in May. The agency claimed at the time that its Electronic Comment Filing System (ECFS) did not actually crash because of a large amount of traffic on the site prompted by John Oliver telling viewers to file comments in favor of net neutrality on his HBO show, Last Week Tonight. Instead, the FCC said that the ECFS went down as a result of a DDoS attack. In its response to Gizmodo's FOIA request, the FCC said that the attack "did not result in written documentation." "Based on a review of the logs, we have already provided a detailed description of what happened. We stand by our career IT staff's analysis of the evidence in our possession," an FCC spokesperson said when asked for comment on the matter.

Misleading headline

[XXongo]

Not quite. From the article linked: "The agency says it does have data logs on the attack but can't release those for privacy reasons."

So, it's not that it "has no documentation"-- it's that it can't (or won't) release documentation.

Not the same thing.

Re:Wait for it...

[Desler]

Or just point out that Ajit Pai was clearly lying about the DDoS.

Cross post from Reddit front page

[burtosis]

Link to original text

We caught them red handed -- they claimed 'cyber attack' but we have the uptime reports. We have the connectivity reports (their CDN is Akamai - you can view real time attack data for their network -- if the FCC site was down, a big chunk of the web would have been too). It would have made big news in the IT/networking world if Akamai hiccup'd... since they were able to handle the world's largest DDoS last fall. That got noticed... by, erm, everyone. Network Operations Centers all over the world saw it. Did anyone see the FCC DDoS? crickets There's evidence that the bot is being run on an API -- in other words someone inside the FCC specifically gave access. They have to issue special keys (just like with Reddit!) -- and they're rate limited. They would know who's doing it instantly, because that API isn't available for just anyone: You have to ask for it -- click on the link, it'll show you the form; It asks for name and e-mail. Someone from the FCC said as much -- it was API accesses, not public-facing. If there was a connectivity issue it wasn't external, it was internal, preventable, and that's why they won't give out the server logs. Because they knew who was doing it, could have stopped it, didn't, and are letting it continue to happen as we speak. They know exactly which comments are being submitted by bots, and who owns them. Purely for my own amusement, I went looking for the Terms of Service for accessing the API. Click. Click. Aaaand here we are: "FCC computer systems employ software to monitor network traffic to identify unauthorized attempts..." :snip: "If such monitoring reveals evidence of possible abuse or criminal activity" :snip: cough Fraud cough "Unauthorized attempts to upload or change information on this server are strictly prohibited". Not going to do anything, FCC? Says what they did is "strictly prohibited"... soooooooo.... crickets The previous link provides evidence it's a grand total of... five. Five different copy pasta text; And all sourced from the same stolen identity databases. And the submission times are painfully obvious that it was automated: The number of submissions per second was nearly constant too, like clockwork. And submitted alphabetically. What's more... They prepared for this years ago. You can say, unironically, "Thanks Obama" for that one. They specifically upgraded the public comments after the last network neutrality comment crush. Rather a lot (footnote: ECFS is the comment system -- and it was specifically targeted for a revamp and big bump to system capacity). That capacity wasn't exceeded -- not by the general public anyway. The inflow rate of submissions from John Oliver's gofccyourself.com came in well under -- 150k versus 1.1 million? It's hard to imagine how they'd add all that extra capacity only to have it fall over dead under a fraction of the load. Someone was even nice enough to make a map of who's submitting the comments. Look at the first time this happened. Then look at that one. Notice anything? This time around, the map looks like a mirror of the population distribution of the entire country. By the numbers, the whole nation knows about Network Neutrality, across every demographic... equally. Including the deceased. Oh, they never filed a report with the Department of Homeland Security, which is what every government agency is supposed to do if they experience a cyber attack. Double bonus round, Here's the FCC's own page on cybersecurity preparedness and response. And what do they say? "The FCC, because of its relationship with the nation’s communications network service providers, is particularly well positioned to work with industry to secure the networks upon which the Internet depends." Sounds like someone who'd have a plan, you'd think.They claimed to the media something their own policies dictate what the response should be -- and they did

so, new law ?

[jmccue]

So will there me a new definition of a DDOS ?

Law --
You cannot submit a comment to a Federal Agency when someone else is submitting a comment at the same time to any Federal Agency. Doing so violates the "Computer Fraud and Abuse Act" and the Patriot Act.

Re:Wait for it...

[fustakrakich]

How will that help? Pointing out lies no longer has the desired effect. They keep lying, and they keep their jobs, and the voters don't care.