FCC won't publish evidence of alleged DDoS attack, amid net neutrality battle

The agency has "gigabytes" of server logs that offer evidence for the alleged distributed denial-of-service attack, but it won't make them public.
Written by Zack Whittaker, Contributor

FCC chairman Ajit Pai testifying before the Senate Judiciary Committee in May. (Image: file photo)

The Federal Communications Commission (FCC) will not publish evidence of an alleged distributed denial-of-service attack, which critics say prevented a flood of people from leaving messages on the agency's support of net neutrality.

Call for the release of the agency's log files came after security experts and pro-net neutrality groups disputed the agency's claims that someone attempted to "bombard the FCC's comment system with a high amount of traffic" in the hours after the John Oliver's "Last Week Tonight" show, which rallied viewers to leave feedback in favor of net neutrality rules, which the FCC currently wants to roll back.

Two senators have written to the FCC to demand answers over the agency's claims it was attacked by an "external party," a claim that critics argue lacks substance.

In a ZDNet interview, FCC chief information officer David Bray said that the agency would not release the logs, in part because the logs contain private information, such as IP addresses. In unprinted remarks, he said that the logs amounted to about 1GB per hour during the alleged attack.

From the interview, Bray said that FCC staff noticed a high volume of incoming comments in the early morning of May 8, hours after the John Oliver show aired. The log files showed that non-human bots submitted a flood of comments using the FCC's API. The bot that submitted these comments sparked the massive uptick in internet traffic on the FCC by using the public API as a vehicle.

That, the FCC said in a statement, "prevented them from responding to people attempting to submit comments," describing a denial-of-service-type event, albeit not in the traditional sense of a malicious attack.

Bray's comments further corroborate a ZDNet report (and others) that showed unknown anti-net neutrality spammers were behind the posting of hundreds of thousands of the same messages to the FCC's website using people's names and addresses without their consent -- a so-called "astroturfing" technique -- in an apparent attempt to influence the results of a public solicitation for feedback on net neutrality.

Speaking to reporters last week, FCC chairman Ajit Pai hinted that the agency would likely honor those astroturfed comments, nonetheless.

Evan Greer, campaign director at Fight for the Future, a non-profit group for promoting internet freedoms, was critical the FCC's latest response in an email to ZDNet.

"Between the claims of a DDoS and the flood of fake comments that the FCC has done nothing to prevent and potentially even facilitated, its outrageous that the agency is continuing to move forward with their plan to dismantle net neutrality protections," said Greer.

"If the fake comments -- many of which are using real people's names and addresses without their permission -- were submitted using the FCC's API, that means they should absolutely have information about who is committing this act of fraud," she added.

"They should immediately disclose this information to the appropriate authorities and to journalists who can investigate this. If the culprit is an organization, the FCC should disclose that. The public needs to know if companies like Comcast and Verizon are funding this identity theft and attempt to undermine the democratic process," she added.

With the FCC largely staying quiet on the alleged attack and its aftermath, questions remain.

It's still not known who was behind the flood of comments that derailed the FCC's commenting system, though it's understood that the text used in each of the hundreds of thousands of spam comments was drawn from the Center for Individual Freedom, a conservative anti-net neutrality lobby group. (The lobby group's president, Jeff Mazzella, denied that his organization was using bots "in any way, shape or form.")

But, thanks to the FCC's mantra on data openness and transparency, researchers were quick to dissect the publicly available data related to the spam attack.

At least three independent reviews of over two million-plus comments submitted to the FCC in the past few weeks found that several individuals and groups on both sides of the debate were active in submitting a large chunk of comments, including thousands of comments submitted via Greer's own pro-net neutrality site, BattleForTheNet.

One of those reviews detailed how at least one set of spammers were so successful in their astroturfing campaign. In part because the FCC's commenting system API doesn't have a rate limit provision, essentially a cap on how many messages that can be posted to prevent anyone from spamming the site. There's no mention of a rate limit in the FCC's documentation, either. But in a tweet exchange on Friday, Bray hinted that there may be a limit but wouldn't say what it was. He hint that the spammer requested multiple keys to misuse those unknown rate limits.

"A simple Python script or curl command could send off your own thousands of filings," wrote Nathaniel Fruchter in his analysis.

But Greer said it would be "concerning" if it was shown that the FCC allowed anti-net neutrality groups to submit comments without a rate limit, while limiting submissions of those who are in favor of the rules.

"BattleForTheNet is submitting comments using the API, and we have been rate limited to ensure that we don't overwhelm the FCC's rickety website," she said.

A spokesperson for the FCC did not return a request for comment prior to publication.

The FCC is now in "sunshine" period, during which the agency will not consider any new comments. Despite one estimate so far putting support for net neutrality in the majority (spam excluded), the FCC nonetheless voted last week to go ahead and gut net neutrality rules.

The comments system will soon be open until mid-August for Americans to once again have their say.

Editorial standards