Lawmakers Want The GAO To Investigate The FCC's Flimsy DDoS Claim

from the phantom-cyber-assault dept

We've noted a few times that the FCC's claim it suffered a DDoS attack -- at the precise moment John Oliver was directing annoyed net neutrality supporters to the agency's website -- is more than a little shaky. After initially insisting that major "analysis" had led the agency to conclude it was attacked the same evening Oliver was informing viewers about the FCC's plan to gut popular net neutrality protections, press FOIA requests indicated that no such analysis occurred. Security analysts have stated there were none of the usual indicators surrounding a traditional DDoS attack, fueling skepticism of the FCC's claims.

When media outlets began pointing out that the FCC was acting really suspicious about this whole thing, the agency lambasted news outlets for being "completely irresponsible." And while the FCC has consistently tried to claim it has oodles of evidence proving the DDoS attack occurred, agency lawyers are telling journalists that have filed FOIA requests that no such evidence exists. Skepticism has only mounted after additional Gizmodo reports indicated that at least one FCC staffer appears to have a habit of manufacturing cyber attacks out of whole cloth.

Needless to say, the FCC's odd behavior, combined with its decision to turn a blind eye to comment system fraud during the net neutrality proceeding, have raised a few eyebrows among lawmakers. Senator Ron Wyden recently argued that "it would be hard for a government agency to do more to give off the impression that it was engaged in a cover up." Similarly, Senator Brian Schatz and Rep. Frank Pallone fired off a letter last week to the GAO, urging it to investigate the FCC's handling of cyber attacks and its ability to protect the agency website:

"While the FCC and the FBI have responded to Congressional inquiries into these DDoS attacks, they have not released any records or documentation that would allow for conﬁrmation that an attack occurred, that it was effectively dealt with, and that the FCC has begun to institute measures to thwart future attacks and ensure the security of its systems. As a result, questions remain about the attack itself and more generally about the state of cybersecurity at the FCC—questions that warrant an independent review."

The duo also were quick to highlight how the FCC is similarly refusing to adequately police comment fraud during its net neutrality proceeding:

“The FCC’s lack of action in preventing or mitigating this issue is also cause for concern. In fact, taken together, these situations raise serious questions about how the public makes its thoughts known to the FCC and how the FCC develops the record it uses to justify decisions reached by the agency."

The journalist theory du-jour remains that the FCC idiotically made up a DDOS attack to downplay the massive opposition to the agency's plan to gut net neutrality (we aren't doing something in violent opposition to the public interest, we were just unfairly attacked!)

Similarly, it's believed Trump's FCC is refusing to police comment fraud so it can try and claim that the more than 20 million public comments filed with the agency (the majority in support of net neutrality) are compromised and therefore shouldn't be taken seriously. And whether the GAO launches an investigation or not, expect the FCC's behavior here to be front and center when it's inevitably sued for ignoring the public interest and voting to kill popular net neutrality protections later this year.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ddos, fcc, net neutrality