Published in News

FCC spinning like crazy on DDoS attack

by on24 July 2017


Regulator is not providing the paperwork

The US FCC is acting suspiciously over a DDoS attack which apparently forced it to shut down its net neutrality comment system in May.

The watchdog moaned that after a television show pointing out that the FCC allowed comments on net-neutrality the comment system suffered from a DDoS attack and had to be shut down.

Gizmodo smelt a rat and used the Freedom of Information Act (FoIA) request for an analysis of the attacks. However the FCC said its analysis of DDoS attacks "stemmed from real time observation and feedback by Commission IT staff and did not result in written documentation".

Gizmodo had asked for a copy of any records related to the FCC analysis that concluded DDoS attacks had taken place. Because there was no "written documentation," the FCC provided no documents in response to this portion of the Gizmodo FoIA request.

The FCC also declined to release 209 pages of other records, citing several exemptions to the FoIA law. For example, publication of documents related to "staffing decisions made by Commission supervisors, draft talking points, staff summaries of congressional letters, and policy suggestions from staff" could "harm the Commission’s deliberative processes," the FCC said.

The FCC also declined to release internal "discussion of the Commission’s IT infrastructure and countermeasures", because "It is reasonably foreseeable that this information, if released, would allow adversaries to circumvent the FCC’s protection measures".

It did release 16 pages of records but none of them shed any light on the events that led to the FCC’s website crashing on May 8. Gizmodo noted that the few e-mails by FCC staff that were actually released were entirely redacted."

The FCC refused to release the text of more than 40,000 net neutrality complaints that it has received from internet users since June 2015.

Gizmodo wrote a yarn claiming that the FCC didn’t have any paperwork proving the attack, which based on what they received was a fair enough point. Of course it did mean that the FCC was incompetent and totally ill equipped to handle any networking at all and so probably was not qualified to rule on something as tricky as net- neutrality.

The FCC released a statement claiming that this conclusion was "categorically false".

The FCC statement said there was publicly available written analysis in the form of a letter to Congress. The FCC statement also said it has "voluminous documentation of this attack in the form of logs collected by our commercial cloud partners," which has not been released publicly.

However the FCC refused to provide its internal analysis of the attack, which is what Gizmodo requested.

The FCC said; "Gizmodo requested records related to the FCC analysis cited in [CIO] David Bray’s May 8 public statement about this attack. Given that the Commission’s IT professionals were in the midst of addressing the attack on May 8, that analysis was not reduced to writing. However, subsequent analysis, once the incident had concluded, was put in writing."

Gizmodo reporter Dell Cameron wrote that this was pants as he asked for all records 'related to' this analysis (emails, etc.), not just the analysis itself, which they claim does not exist.

Ars Technica filed a FoIA request on May 9 for e-mails and other communications and records related to the attack on the net neutrality comment system and related downtime and was denied "due to an ongoing investigation we are not able to release records associated with this incident".

Chairman Ajit Pai later told US senators that the FBI was not investigating the comment system attack.

"In speaking with the FBI, the conclusion was reached that, given the facts currently known, the attack did not appear to rise to the level of a major incident that would trigger further FBI involvement", Pai wrote to Senate Democrats who asked for more details about the attacks and the FCC's response to the attacks.

It looks like a total mess and normally when something like this happens in a Government department someone is covering up something. Only in this case they are doing it so badly everyone thinks that there is something up.

Last modified on 24 July 2017
Rate this item
(0 votes)

Read more about: