Cybersecurity

Dems want more data on FCC DDoS attacks

broken lock 

Two lawmakers on key tech committees are asking for a probe into an alleged attempt to disrupt Federal Communications Commission systems while the comment period for the ongoing network neutrality proceeding was underway.

Rep. Peter Vallone (D-N.J.), ranking member on the House Energy and Commerce Committee, and Sen. Brian Schatz (D-Hawaii) who sits on the Senate Commerce Committee, are seeking an investigation from the Government Accountability Office.

"While the FCC and the FBI have responded to Congressional inquiries into these DDos attacks, they have not released any records or documentation that would allow for confirmation that an attack occurred, that it was effectively dealt with, and that the FCC has begun to institute measures to thwart future attacks and ensure the security of its systems," Vallone and Schatz wrote in a letter to GAO chief Gene Dodaro. "As a result, questions remain about the attack itself and more generally about the state of cybersecurity at the FCC – questions that warrant an independent review."

The FCC's Electronic Comments Filing System (EFCS) experienced a 3,000 percent boost in traffic in a brief period that spanned from 11 p.m. on May 7 to 1 a.m. on May 8, according to a record prepared by FCC CIO David Bray and sent in reply to a request from Sen. Ron Wyden (D-Ore.)

The spike took place at the same time as HBO comedian John Oliver urged users to flood the FCC with comments supporting the continuation of the network neutrality policy, which is opposed by the Trump administration, the current FCC chairman Ajit Pai and Republican majorities in the House and Senate.

However, the FCC report notes that the traffic spike was experienced by the API system of the EFCS, while Oliver's show pointed viewers to the web link.

At the time, Bray described the event as a distributed denial of service attacks. "These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC."

Vallone and Schatz want to know how the FCC came to determine the nature of the event, and are seeking details on coordination between the FCC CIO and the FCC security team, any mitigation procedures that were are in place to guard against such events, and whether the EFCS vulnerability points to any other security issues with regulatory agency's public-facing systems.

The concern on the part of net neutrality advocates is that opponents might be taking steps to either block legitimate commentators or to flood the EFCS with fake comments.

Server logs of the incident were never publicly released, because FCC officials claimed they contained personally identifiable information on users not connected with the attack.

Evan Greer of Fight for the Future told ZDNet in June that "if the fake comments -- many of which are using real people's names and addresses without their permission -- were submitted using the FCC's API, that means they should absolutely have information about who is committing this act of fraud."

The FCC declined to comment for this story.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy, health IT and the Department of Veterans Affairs. Prior to joining FCW, Mr. Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian started his career as an arts reporter and critic, and has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, Architect magazine, and other publications. He was an editorial assistant and staff writer at the now-defunct New York Press and arts editor at the About.com online network in the 1990s, and was a weekly contributor of music and film reviews to the Washington Times from 2007 to 2014.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group