INSUBCONTINENT EXCLUSIVE:
You may remember the FCC explaining that in both 2014 and 2017, its comment system was briefly taken down by a denial of service attack. At least, so it says — but newly released emails show that the 2014 case was essentially fabricated, and the agency has so aggressively redacted documents relating to the 2017 incident that one suspects they're hiding more than ordinary privileged information.
As a very quick recap: Shortly after the comment period opened for both net neutrality and the rollback of net neutrality there was a rush of activity that rendered the filing system unusable for a period of hours. This was corrected soon afterwards and the capacity of the system increased to cope with the increased traffic.
A report from Gizmodo based on more than 1,300 pages of emails obtained by watchdog group American Oversight shows that David Bray, the FCC's chief information officer for a period encompassing both events, appears to have advanced the DDoS narrative with no real evidence or official support.
The 2014 event was not called an attack until much later, when Bray told reporters following the 2017 event that it was.
"At the time the Chairman [i.e. Tom Wheeler] did not want to say there was a DDoS attack out of concern of copycats," Bray wrote to a reporter at Federal News Radio. "So we accepted the punches that it somehow crashed because of volume even though actual comment volume wasn't an issue."
Gigi Sohn, who was Wheeler's counsel at the time, put down this idea: "That's just flat out false," she told Gizmodo. "We didn't want to say it because Bray had no hard proof that it was a DDoS attack. Just like the second time."
And it is the second time that is most suspicious. Differing on the preferred nomenclature for a four-year-old suspicious cyber event would not be particularly damning, but Bray's narrative of a DDoS is hard to justify with the facts we do know.
In a blog post written in response to the report, Bray explained regarding the 2017 outage:
Whether the correct phrase is denial of service or "bot swarm" or "something hammering the Application Programming Interface" (API) of the commenting system — the fact is something odd was happening in May 2017.
Bray's analysis appears sincere, but the data he volunteers is highly circumstantial: large amounts of API requests that don't match comment counts, for instance, or bunches of RSS requests that tie
Could it have been a malicious actor doing this? It's possible. Could it have been bad code hammering the servers with repeated or malformed requests? Also totally possible. The FCC's justification for calling it an attack seems to be nothing more than a hunch.
Later the FCC, via then-CIO Bray, would categorize the event as a "non-traditional DDoS attack" flooding the API interface. But beyond that it has produced so little information of any import that Congress has had to re-issue its questions in stronger words.
No official documentation of either supposed attack has appeared, nor has the FCC released any data on it, even a year later and long after the comment period has closed, improvements to the system have been made and the CIO who evaded senators' questions departed.
But most suspicious is the extent to which the FCC redacted documents relating to the 2017 event. Having read through the trove of emails, Gizmodo concludes that "every internal conversation about the 2017 incident between FCC employees"
Every one!
The FCC stated before that the "ongoing nature" of the threats to its systems meant it would "undermine our system security" to provide any details on the improvements it had made to mitigate future attacks. And Bray wrote in his post that there was no "full blown report" because the team was focused on getting the system up and running again. But there is also an FCC statement saying that "our analysis reveals" that a DDoS was the cause.
What analysis? If it's not a "significant cyber incident," as the FBI determined, why the secrecy? If there's no report or significant analysis from the day — wrong or right in retrospect — what is sensitive about the emails that they have to be redacted en masse? Bray himself wrote more technical details into his post than the FCC has offered in the year since the event — was this information sent to reporters at the time? Was it redacted? Why? So little about this whole information play makes sense.
One reasonable explanation (and just speculation, I should add) would be that the data do not support the idea of an attack, and internal discussions are an unflattering portrait of an agency doing spin work. The commitment to transparency that FCC Chairman Pai so frequently invokes is conspicuously absent in this specific case, and one has to wonder why.
The ongoing refusal to officially document or discuss what all seem to agree was an important event, whether it's a DDoS or something else, is making the FCC look bad to just about everyone. No amount of redaction can change that.