June 6, 2018 at 11:16AM
via Ars Technica
Federal Communications Commission officials are facing more accusations that they lied about the cause of a May 2017 comment website outage that temporarily prevented people from submitting comments on FCC Chairman Ajit Pai's plan to eliminate net neutrality rules.
The FCC maintains that its system was hit by multiple distributed denial-of-service (DDoS) attacks, but it hasn't provided evidence publicly to support that claim. The US Government Accountability Office (GAO) is investigating the FCC's DDoS claims at the urging of Democratic lawmakers.
The controversy flared up again this week in a Gizmodo story titled "FCC Emails Show Agency Spread Lies to Bolster Dubious DDoS Attack Claims."
The FCC emails in question were sent by then-FCC Chief Information Officer David Bray to journalists after the May 2017 outage. Bray's case that the May 2017 incident was an attack hinged partly on his contention that a similar outage in 2014 was also caused by a DDoS attack. Bray claimed that in 2014, then-FCC Chairman Tom Wheeler decided to hide the real cause of the downtime.
"[T]here was a similar DDoS attack after the 2014 J.O. clip," Bray told reporters from FedScoop in May 2017. "At the time, the Chairman did not want to say there was a DDoS attack out of concern of copycats. So we accepted the punches that it somehow crashed because of volume even though actual comment volume wasn't an issue."
There were repeated problems with the FCC's 18-year-old comment system in 2014, when Wheeler's net neutrality plan received four million comments. The FCC upgraded its system afterward. In 2017, it performed better overall despite the outage in May. Pai's plan to eliminate net neutrality rules ultimately received 22 million comments, though many were fraudulent.
Activist group Fight for the Future last year accused the FCC of "invent[ing] a fake DDoS attack to cover up the fact that they lost comments from net neutrality supporters."
Gigi Sohn, who was a counselor to Wheeler while he was chair, disputed Bray's statement that Wheeler hid the real reason for the 2014 downtime.
"That's just flat-out false," Sohn told Gizmodo. "We didn't want to say it [was a DDoS in 2014] because Bray had no hard proof that it was a DDoS attack. Just like the second time [in 2017]." (Sohn confirmed this quote when contacted by Ars. Wheeler declined to comment.)
We asked Bray about Sohn's comment; he pointed us to a blog post he wrote yesterday in response to the Gizmodo story. Bray's blog post doesn't directly refute Sohn's statement, but it defends his conclusion that the 2014 and 2017 outages were caused by attacks. Still, his blog post does not offer definitive proof that either outage was caused by an attack.
In 2014, "we were seeing an abnormally high number of record-locks to the database, preventing new connections from being established," Bray wrote. "Back then, the security team reported abnormal HTTP requests, suggesting of Web scrapers or 'bots' hitting the website. These record-locks that denied new connections from being established would periodically spike throughout the summer even when actual comment volume was relatively low."
Bray acknowledges that "denial of service" might not be the best descriptor of what happened in the May 2017 incident. "[W]hether the correct phrase is denial of service or 'bot swarm' or 'something hammering the Application Programming Interface' (API) of the commenting system—the fact is something odd was happening in May 2017," Bray wrote.
Bray said that Gizmodo did not contact him before publishing its story.
We contacted the FCC yesterday and will update this post if we get a response.
Ars described the FCC's DDoS claims in a May 2017 article. At the time, it appeared that the FCC comment system was hit either by an unusual type of DDoS or poorly written spam bots.
Bray left the FCC last year and is now executive director of People-Centered Internet, an organization founded by Internet Protocol co-inventor Vint Cerf.
“This event was not an attack”
The only public indication in 2014 that the FCC comment system outage was caused by a DDoS came in a Motherboard article that quoted an anonymous FCC official. That official was Bray, according to another Gizmodo story.
Gizmodo also quoted a former FCC security contractor who spoke anonymously and disputed Bray's contention that the 2014 outage was caused by an attack.
"The security team was in agreement that this event was not an attack," the former contractor told Gizmodo. "The security team produced no report suggesting it was an attack. The security team could not identify any records or evidence to indicate this type of attack occurred as described by Bray." This account was "confirmed by two other sources with knowledge of the matter," Gizmodo wrote.
US Rep. Frank Pallone, Jr. (D-N.J.) said yesterday that he was "disturbed by press reports that demonstrate a concerted effort by FCC employees to mislead the public in the lead-up to its vote to repeal net neutrality."
Pallone is one of two lawmakers who asked the GAO to investigate the DDoS claims.
"In light of today's news, I call on Chairman Pai to ensure the FCC fully cooperates with GAO's investigation so the American people can finally get a full accounting as to what happened in advance of the agency stripping away critical net neutrality protections," Pallone said.
Separately, the New York state attorney general's office is investigating fraud in the net neutrality comments system and accused Pai of refusing multiple requests for evidence.