In May 2017, the Federal Communications Commission told the public that recent major delays to their Electronic Comment Filing System concerning the agency’s net neutrality debate were caused by hackers conducting distributed denial of service attacks.
But according to an Inspector General report released Aug. 7, there was little to no evidence to support this claim, and the delays were more likely caused by segment of HBO’s Last Week Tonight with John Oliver, which encouraged viewers to visit the comments site.
“The Inspector General Report tells us what we knew all along: The FCC’s claim that it was the victim of a DDoS attack during the net neutrality proceeding is bogus,” said FCC Commissioner Jessica Rosenworcel. “What happened instead is obvious—millions of Americans overwhelmed our online system because they wanted to tell us how important internet openness is to them and how distressed they were to see the FCC roll back their rights. It’s unfortunate that this agency’s energy and resources needed to be spent debunking this implausible claim.”
According to the IG report, spikes in ECFS activity corresponded with the show’s airing and subsequent social media posts of justtellmeifimrelatedtoanazi.com and gofccyourself.com links, which redirected users to the FCC comment site.
According to the report, FCC officials raised the concern that the system’s problems were being caused by interest generated through the show, but the agency’s then-CIO David Bray dismissed the possibility.
“Yes, we’re 99.9% confident this was external folks deliberately trying to tie-up the server to prevent others from commenting and/or create a spectacle. [John] Oliver invited the ‘trolls’ – to include 4Chan (which is a group affiliated with Anonymous and the hacking community). His video triggered the trolls. Normal folks cannot manually file a comment in less than a millisecond over and over and over again, so this was definitely high traffic targeting ECFS to make it appear unresponsive to others,” Bray wrote in a May 8, 2017, email cited in the report.
According to the report, IG officials expected to find data substantiating the certainty that outside actors had perpetuated the increase in traffic, but learned that the basis for Bray’s May 8 statement was that there were a large number of site hits that did not result in comments being filed and the supposed “bots” were coming from cloud providers.
“Our investigation did not substantiate the allegations of multiple DDoS attacks alleged by Bray. While we identified a small amount of anomalous activity and could not entirely rule out the possibility of individual DoS attempts during the period from May 7 through May 9, 2017, we do not believe this activity resulted in any measurable degradation of system availability given the miniscule scale of the anomalous activity relative to the contemporaneous voluminous viral traffic,” the report said, adding that there was not enough evidence of coordination, as would be present in a DDoS attack.
“We expected to obtain and review the analysis referenced by Bray in the press release and to obtain and review logs and supporting documents for that and subsequent analyses. However, we learned very quickly that there was no analysis supporting the conclusion in the press release, there were no subsequent analyses performed and logs and other material were not readily available.”
The IG also found that the FCC was aware of Last Week Tonight’s intent to cover net neutrality in its upcoming segment, as a representative from the show had emailed FCC media relations on the topic. The agency decided not to respond to her.
IT officials, such as Bray, were not informed of these communications, however.
“During our interview with Tony Summerlin [FCC contractor serving as a senior strategic advisor in the Commission’s IT Group], Summerlin said ‘Bray was furious that he had not been informed about the John Oliver episode,’” the report said.
FCC Administrator Ajit Pai laid blame for the erroneous DDoS assertion with the agency’s IT officials.
“I am deeply disappointed that the FCC’s former Chief Information Officer, who was hired by the prior Administration and is no longer with the Commission, provided inaccurate information about this incident to me, my office, Congress, and the American people. This is completely unacceptable. I’m also disappointed that some working under the former CIO apparently either disagreed with the information that he was presenting or had questions about it, yet didn’t feel comfortable communicating their concerns to me or my office,” said Pai in an official statement on the report.
In a letter included in the IG report, Pai added that Summerlin and Christine Calvosa, acting CIO in the office of the managing director, had reaffirmed Bray’s assertion that the disruption was caused by a DDoS attack.
Since the May 2017 incident, the FCC has been under heavy scrutiny from members of Congress and other agencies to investigate the allegations of an attack.
Federal Times contacted Bray about the IG report, but did not receive a response at the time of publication.