FCC Says Its Specific Plan To Stop DDoS Attacks Must Remain Secret (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: FCC Chairman Ajit Pai and Democratic lawmakers have been exchanging letters about a May 8 incident in which the public comments website was disrupted while many people were trying to file comments on Pai's plan to dismantle net neutrality rules. The FCC says it was hit by DDoS attacks. The commission hasn't revealed much about what it's doing to prevent future attacks, but it said in a letter last month that it was researching "additional solutions" to protect the comment system. Democratic Leaders of the House Commerce and Oversight committees then asked Pai what those additional solutions are, but they didn't get much detail in return.
"Given the ongoing nature of the threats to disrupt the Commission's electronic comment filing system, it would undermine our system's security to provide a specific roadmap of the additional solutions to which we have referred," the FCC chief information officer wrote. "However, we can state that the FCC's IT staff has worked with commercial cloud providers to implement Internet-based solutions to limit the amount of disruptive bot-related activity if another bot-driven event occurs." The CIO's answers to lawmakers' questions were sent along with a letter from Pai to Reps. Frank Pallone, Jr. (D-N.J.), Elijah Cummings (D-Md.), Mike Doyle (D-Penn.), DeGette (D-Colo.), Robin Kelly (D-Ill.), and Gerald Connolly (D-Va.). The letter is dated July 21, and it was posted to the FCC's website on July 28.
It was in a drawer next to Trump's plan to defeat ISIS. More details to follow.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
After all, unvetted encryption and security have never failed. And the best security is obscurity!
I know all of you are concerned about Net Neutrality and would like to submit your claims on our site, but someone decided to attack us when you visited our site. Oh, you want evidence of the hack? Sorry, we cannot provide that. But rest assured, it will be prevented in the future. Oh, you want to know how we will prevent it? Well, that's a secret too. Oh, you don't think it actually happened? No, it did. Don't worry.
There was never a DDOS attack. It was a deliberate attempt by the FCC to silence the critics of its plan to kill net neutrality.
Step #1: Listen to the American public and industry leaders and SUPPORT NET NEUTRALITY.
Expect my consultation bill in the mail, Mr. Pai.
Even with the ancient adages about "security via obscurity", one does not wisely broadcast details about the security systems one is using. It's called "infosec", or more broadly, "opsec".
Not hard to hide an orbiting death laser platform...just to be sure.
You'd be surprised how hard that is, actually.
-- Tigger warning: This post may contain tiggers! --
If obscurity is the primary method of security, meaning "if they discover how we are doing it then they can defeat it," then you have no security. You must plan for the eventuality that someone will know how you do it. So, if the FCC's new method requires that it remain obscure to remain effective, then it might as well have already been compromised. Of course, having an obscure security system that nobody knows about is helpful. Nobody would argue otherwise. But that should just be icing on the cake - a nice little perk. Think of this comparison of a time-lock safe vs. a hidden book box:
Look at a time lock safe:
1. It is known
2. The way it works is known
3. It is effective because of the security measures of the safe
This is opposed to hiding valuables in a hidden book box:
1. If it is not known, it might work
2. If it is not known, it might be discovered through thorough searches and thus fail
3. If it is known, it definitely won't work
If you hide the time lock safe, then you do add a layer of cursory security. However, it is not the location/disguise of the safe that matters. It's the function of the safe's defenses that protect the valuables.
Not if you throw enough Bothans at the problem.
Bark less. Wag more.
Even with the ancient adages about "security via obscurity", one does not wisely broadcast details about the security systems one is using. It's called "infosec", or more broadly, "opsec".
Then again, it can be just as important to keep the fact that there is no plan a secret.
We have had many plans that were bragged about by the party of the moral high ground turn out to be no plan at all. OBlamacare repeal, the Freedom Jesuscare health act, and everything Don for Life has ever promised. If the model is followed, it involves shutting the computer off and not much more.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Then again, it can be just as important to keep the fact that there is no plan a secret.
You are claiming a fact when you have none. You assume there is no plan because nobody is willing to tell you what it is.
SRSLY? Tell me exactly where I claimed there is no plan. Having an awesome completely foolproof secret plan that will work every time and make the free internet safe forever and anon might have every bit the same need for secrecy as "We got nuthin'."
You need to read a little better before just deciding to disagree because you want to argue with someone.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.