FCC Says It Has No Documentation of Cyberattack That It Claims Happened (thehill.com) 54
An anonymous reader quotes a report from The Hill: The Federal Communications Commission (FCC) declined to reveal analysis proving that it was the victim of a cyberattack in May. The agency claimed at the time that its Electronic Comment Filing System (ECFS) did not actually crash because of a large amount of traffic on the site prompted by John Oliver telling viewers to file comments in favor of net neutrality on his HBO show, Last Week Tonight. Instead, the FCC said that the ECFS went down as a result of a DDoS attack. In its response to Gizmodo's FOIA request, the FCC said that the attack "did not result in written documentation." "Based on a review of the logs, we have already provided a detailed description of what happened. We stand by our career IT staff's analysis of the evidence in our possession," an FCC spokesperson said when asked for comment on the matter.
Re:Wait for it... (Score:5, Insightful)
Or just point out that Ajit Pai was clearly lying about the DDoS.
Re: (Score:1)
Re: (Score:3, Insightful)
How will that help? Pointing out lies no longer has the desired effect. They keep lying, and they keep their jobs, and the voters don't care.
Re: (Score:2)
Why lie. Quick we are getting to many contacts that support net neutrality, what do we do. Er, Er, Er, shut down the computers with a false flag DDoS make sure no traceable evidence, destroy all documentation. See no lie, just an omission, oh and a deletion.
Re: (Score:2)
Re: (Score:2)
I believe the correct term is:
Thanks Obama!
Re: (Score:2)
He may well be a moron, but also right [huffingtonpost.ca]
Apparently, the US of A doesn't like the prescription it metes onto others, right?
Re: (Score:2)
Re: (Score:1)
16 investigations into Benghazi, now that's hysteria! Stay BTFO!
They do not even care anymore (Score:2, Insightful)
Misleading headline (Score:5, Insightful)
So, it's not that it "has no documentation"-- it's that it can't (or won't) release documentation.
Not the same thing.
Re: (Score:2)
Then.. Wouldn't the "report" of the "IT staff report" which was apparently verbal not in itself constitute documentation?....
Oh the irony...
Re: (Score:2)
Misleading Lack of Privacy Concerns (Score:2)
In both this story and the July 18th story on the FCC, [slashdot.org] the summaries have been misleadingly one-sided in that they have utterly failed to disclose the FCC's position that *Privacy Concerns* are a large part of why they have not fully responded to the FOIA requests.
Re: (Score:2)
Not quite. From the article linked:
"The agency says it does have data logs on the attack but can't release those for privacy reasons."
So, it's not that it "has no documentation"-- it's that it can't (or won't) release documentation.
Not the same thing.
It's about the size of the lie.
Saying "it happened but we can't release any details". Is consistent with both a real DDOS and "well some IT staff thought it was a DDOS so we just kinda assumed they were right". Even if they're deliberately lying they haven't said enough to get in trouble.
Now, to release a paper trail means you're either releasing doctored evidence or evidence that is clearly wrong. Either way it's a lot easier to hold someone accountable. That's why the media pushes for these kinds of docum
Re: (Score:3)
How does Slashdot feel about the Federal Communications Commission being technologically inept?
They are run by a group of political appointees who may or may not (mostly not) have relevant technical experience. Who's surprised that they don't know what they are doing? Or that they are beholden to their political interests over what actually makes technical sense? I'm not.
I saw this clearly when they took up the BPL (Broad Band over Power Lines) issue, where they where going to shove internet data over the power lines on wide bandwidth RF carriers and the FCC commissioners ignored the fact that thi
Re: (Score:2)
In short, The FCC Is Full Of Shit [gizmodo.com].
Cross post from Reddit front page (Score:5, Interesting)
We caught them red handed -- they claimed 'cyber attack' but we have the uptime reports. We have the connectivity reports (their CDN is Akamai - you can view real time attack data for their network -- if the FCC site was down, a big chunk of the web would have been too). It would have made big news in the IT/networking world if Akamai hiccup'd... since they were able to handle the world's largest DDoS last fall. That got noticed... by, erm, everyone. Network Operations Centers all over the world saw it. Did anyone see the FCC DDoS? crickets There's evidence that the bot is being run on an API -- in other words someone inside the FCC specifically gave access. They have to issue special keys (just like with Reddit!) -- and they're rate limited. They would know who's doing it instantly, because that API isn't available for just anyone: You have to ask for it -- click on the link, it'll show you the form; It asks for name and e-mail. Someone from the FCC said as much -- it was API accesses, not public-facing. If there was a connectivity issue it wasn't external, it was internal, preventable, and that's why they won't give out the server logs. Because they knew who was doing it, could have stopped it, didn't, and are letting it continue to happen as we speak. They know exactly which comments are being submitted by bots, and who owns them. Purely for my own amusement, I went looking for the Terms of Service for accessing the API. Click. Click. Aaaand here we are: "FCC computer systems employ software to monitor network traffic to identify unauthorized attempts..." :snip: "If such monitoring reveals evidence of possible abuse or criminal activity" :snip: cough Fraud cough "Unauthorized attempts to upload or change information on this server are strictly prohibited". Not going to do anything, FCC? Says what they did is "strictly prohibited"... soooooooo.... crickets
The previous link provides evidence it's a grand total of... five. Five different copy pasta text; And all sourced from the same stolen identity databases. And the submission times are painfully obvious that it was automated: The number of submissions per second was nearly constant too, like clockwork. And submitted alphabetically. What's more... They prepared for this years ago. You can say, unironically, "Thanks Obama" for that one. They specifically upgraded the public comments after the last network neutrality comment crush. Rather a lot (footnote: ECFS is the comment system -- and it was specifically targeted for a revamp and big bump to system capacity). That capacity wasn't exceeded -- not by the general public anyway. The inflow rate of submissions from John Oliver's gofccyourself.com came in well under -- 150k versus 1.1 million? It's hard to imagine how they'd add all that extra capacity only to have it fall over dead under a fraction of the load. Someone was even nice enough to make a map of who's submitting the comments. Look at the first time this happened. Then look at that one. Notice anything? This time around, the map looks like a mirror of the population distribution of the entire country. By the numbers, the whole nation knows about Network Neutrality, across every demographic... equally. Including the deceased.
Oh, they never filed a report with the Department of Homeland Security, which is what every government agency is supposed to do if they experience a cyber attack. Double bonus round, Here's the FCC's own page on cybersecurity preparedness and response. And what do they say? "The FCC, because of its relationship with the nation’s communications network service providers, is particularly well positioned to work with industry to secure the networks upon which the Internet depends." Sounds like someone who'd have a plan, you'd think.They claimed to the media something their own policies dictate what the response should be -- and they did
Re: (Score:2)
Re: (Score:1)
so, new law ? (Score:5, Funny)
So will there me a new definition of a DDOS ?
Law --
You cannot submit a comment to a Federal Agency when someone else is submitting a comment at the same time to any Federal Agency. Doing so violates the "Computer Fraud and Abuse Act" and the Patriot Act.
Denial Of Service Attack eh? (Score:2)
You mean somebody tripped over the power cord in the server room again?
Re: (Score:1)
"tripped"
This is surprising? (Score:2)
Anyone who has followed the con artist knows his modus operandi is to say something outrageous then refuse to provide any evidence to support the lie. We're supposed to accept his word is the truth despite lack of evidence.
That falsehood has now carried over to his disgraceful administration in the form of the FCC lying about being DDoS'd. Anyone with a minimal amount of technical knowledge can see through the lie, that the reason the web site went down was the rush of people trying to post their pro-net n
Offtopic shitpost (Score:2)
Have you seen pictures of this guy? He's the Indian BABABOOEY!
Uhh (Score:1)
This isn't a scenario where 'appeal to authority' is appropriate, try a verbal stratagem which dispels the appearance that you're being dishonest.
That's because they're lying (Score:2)
They know they're throwing everyone under the bus in order to give a huge payday to their masters at AT&T, Comcast, etc. They're just trying desperately to keep people from realizing that.