The FBI will not investigate a cyberattack that crashed the Federal Communications Commission’s website during an influx of comments on an agency plan to reverse net neutrality.
Agency chief Ajit Pai said the FBI declined to investigate the FCC cyberattack that followed a “Last Week Tonight with John Oliver” segment in May, when Oliver called on viewers to submit comments opposing Pai’s plan to scale back net neutrality rules.
“In speaking with the FBI, the conclusion was reached that, given the facts currently known, the attack did not appear to rise to the level of a major incident that would trigger further FBI involvement,” Pai wrote to a pair of Senate Democrats, who were skeptical of the attack. “The FCC and FBI agreed to have further discussions if additional events or the discovery of additional evidence warrant consultation.”
The June letter came in response to a May letter from Democratic Sens. Ron Wyden of Oregon and Brian Schatz of Hawaii. Both were skeptical of the timing of the distributed denial-of-service (DDoS) attack, which hijacked a network of compromised internet-connected devices and flooded the FCC’s Electronic Comment Filing System (ECFS). Multiple DDoS incidents crashed the ECFS Sunday into Monday, presumably at the height of comment submissions influenced by the “Last Week Tonight” episode.
Democrats pressed Pai for the specifics of the attack and the steps he was taking to address it, including contact with investigators such as the FBI. Pro-net neutrality advocacy groups like Fight for the Future made unclear, speculative claims that big broadband providers manufactured the incident and that the FCC was being “intentionally misleading” about the facts.
Pai described the attack as a “non-traditional DDoS” that targeted a specific ECFS interface “normally used by automated programs or bots for bulk filings.” Hits to the interface increased 3,000% beginning around 11 p.m. on May 7, at the start of Oliver’s show.
He added that a custom link Oliver created to help viewers file comments “directed traffic to the regular comment filing system” and not the interface targeted in the attack.
Malicious traffic originated from cloud-based bots and was “not associated with IP addresses usually linked to individual human filers” and “effectively blocked or denied additional web traffic–human or otherwise–to the comment filing system.” The bot swarms eventually peaked early on May 8 at 30,000 requests per minute, “or three times the total daily traffic for any day in the previous sixty days,” and the maximum the FCC’s commercial, cloud-based servers could handle.
“I agree that this disruption to ECFS by outside parties was a very serious matter,” Pai wrote. “Please be assured that I have directed the Commission’s Information Technology (IT) staff to continue to closely monitor ECFS and expeditiously address and report any potential issues to my office.”
The FCC is still investigating the nature of the attack, but Pai noted that despite it the FCC still “received more than two million comments in 10 days, versus more than two million comments over 110 days in the related 2014-15 proceeding.”
House Democrats unsatisfied with Pai’s answers sent a follow-up response Monday to the FCC and the National Cybersecurity and Communications Integration Center “raising concerns about FCC’s cybersecurity preparedness.”
“We ask you to examine these serious problems and irregularities that raise doubts about the fairness, and perhaps even the legitimacy, of the FCC’s process in its net neutrality proceeding,” wrote Democrats on the House Energy and Commerce Committee, including ranking member and New Jersey Rep. Frank Pallone.
Democrats asked for more information on the “alleged cyberattacks,” how the FBI determined the situation didn’t warrant its attention, and what steps the FCC is taking to prevent future attacks while providing commenters with additional means of ensuring their voices are heard.
Fight for the Future was equally unswayed, saying Pai’s explanation “raises more questions than answers.”
“The agency also claims the attacks came from ‘cloud providers,’” the group said in a statement. “If this is the case, cloud providers keep records of the exact resources used by each account for billing purposes. Why hasn’t the FCC employed legal means to identify who allegedly attacked their systems?”
Reporters asked FCC officials in April if the system was ready for a large influx of comments before it began receiving comments in May, noting the system crashed in 2014 after Oliver’s first episode on net neutrality. Officials said the agency also suffered cyberattacks on the comment system in 2014, and warned it could happen again.