Was the recent flood of traffic to FCC’s website actually a DDoS attack?
Cybersecurity experts have cast doubt on the Federal Communications Commission’s claim that it was the target of a distributed denial of service attack on Sunday night.
“There don’t appear to be any indications of a DDoS attack in the sensors we use to monitor for such things,” said John Bambenek, a threat intelligence manager at Fidelis Cybersecurity. “It appears the issue with the FCC is less of a DDoS attack, traditionally defined, and more of an issue of crowdsourcing comments generated by John Oliver and Reddit.”
The FCC said Monday in a statement attributed to Chief Information Officer David Bray that it sustained multiple DDoS attacks beginning on Sunday night at midnight. “DDoS events tied up the servers and prevented them from responding to people attempting to submit comments,” the statement reads.
During his HBO show “Last Week Tonight” on Sunday, comedian John Oliver called on viewers to submit comments to the FCC in favor of saving existing net neutrality rules. The agency’s reported crush of website traffic occurred soon afterward. The Washington Post reported that traffic spurred by the HBO show contributed to intermittent connectivity problems with FCC.gov.
The FCC claims that its website issues were the result of a coordinated cyberattack. An agency statement does not mention Oliver’s show. Jake Williams, CEO of cybersecurity firm Rendition InfoSec, said the agency “offered no support” to prove a DDoS had occurred.
“There was no observed dark web chatter about such a DDoS before or after the event and no botnets that I’m monitoring received any commands ordering a DDoS on the FCC’s site,” Williams said.
Multiple reports claim the attack was due to bots that were programmed to overload the FCC’s comment system.
A DDoS is broadly understood as a digital attack designed to overwhelm a specific web property or online service with a flood of artificially created internet traffic, thereby causing a target to be inaccessible to legitimate users.
Hordes of already compromised computers, known as botnets, are typically leveraged by hackers to launch DDoS-style attacks. Over the last several years, it has become increasingly easy to program bots or leverage compromised computers in order to amplify an attack.
An FCC spokesperson declined to answer questions that CyberScoop sent to the agency. Bray’s statement said the reported attacks specifically targeted the comment filing mechanism of the FCC’s website.
“These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host,” Bray said in the statement. “These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC. While the comment system remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments.”
The FCC statement mentions that associated servers failed to respond but were still “running” and “remained up.”
The agency’s statement drew additional skepticism from Fight for the Future, a consumer advocacy group focused on digital rights. The nonprofit is an opponent of current FCC Chairman Ajit Pai’s efforts to roll back Obama-era regulations. The group claims that the FCC is in possession of information that could prove a DDoS attack actually occurred during the aforementioned timeframe.
“The FCC should immediately release its logs to an independent security analyst or major news outlet to verify exactly what happened last night,” Fight for the Future campaign director Evan Greer said in a statement.
No one has taken responsibility for the high-profile DDoS incident.
UPDATE, 5/16/17: This story was updated to reflect further reports of bots flooding the FCC’s system.