Click to Skip Ad
Closing in...

It sure looks like the FCC lied about a cyberattack to avoid net neutrality comments

Published Jun 5th, 2018 9:01PM EDT
FCC net neutrality comments cyberattack: nope
Image: Jacquelyn Martin/AP/REX/Shutterstock

Last year, the Federal Communications Commission voted to overturn net neutrality rules, a move that millions of people protested in comments sent to the FCC. But many more were unable to leave comments, as the FCC’s public commenting system went down following a late-night John Oliver segment, in which he exhorted viewers to leave their comments with the FCC.

The public excuse for that technical failure was a distributed denial-of-service (DDoS) attack, a common and crude hacking tool that generally uses hundreds of thousands of devices (many of them hacked) to overwhelm a service with traffic. But the FCC has never provided any evidence that it was the target of a DDOS attack, and new emails obtained through a Freedom of Information Act request show how some within the FCC pushed a narrative that its own security staff new to be false.

Gizmodo‘s Dell Cameron, who has been reporting this story since last year, reviewed 1,300 emails relating to the FCC’s Electronic Comment Filing System, obtained by transparency group American Oversight via the FOIA. The emails show that David Bray, the FCC’s Chief Information Officer, pushed a narrative that the system failure in 2017 was caused by a DDoS attack; moreover, he claimed that a similar outage in 2014 was also caused by a DDoS attack, but FCC leadership at the time chose to cover that fact up.

Those accusations were refuted by individuals who worked at the FCC, including within its security team, at the time. “The security team was in agreement that this event was not an attack,” a former FCC security contractor told Gizmodo of the 2014 outage. “The security team produced no report suggesting it was an attack. The security team could not identify any records or evidence to indicate this type of attack occurred as described by Bray.”

The full story is well worth reading to understand the insider details of how Bray seemingly muddied the waters last year, succesfully duping some outlets into blaming a DDoS attack that never appears to have occured. The full emails can be found here, although the frequent retractions make it a hard story to piece together.