E-Mails Show FCC Made Up DDOS Attack To Downplay The 'John Oliver Effect'

You might remember that when HBO comedian John Oliver originally tackled net neutrality on his show in 2014, the FCC website crashed under the load of concerned consumers eager to support the creation of net neutrality rules. When Oliver revisited the topic last May to discuss Trump FCC boss Ajit Pai's myopic plan to kill those same rules, the FCC website crashed under the load a second time. That's not a particular shock; the FCC's website has long been seen as an outdated relic from the wayback times of Netscape, hit counters, and awful MIDI music.

But then something weird happened. In the midst of all the media attention Oliver was receiving for his segment, the FCC issued a statement (pdf) by former FCC Chief Information Officer David Bray, claiming that comprehensive FCC "analysis" indicated that it was a malicious DDoS attack, not angry net neutrality supporters, that brought the agency's website to its knees:

"Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC."

But the FCC's claims were seen as suspect by numerous security experts, who say the crash showed none of the usual telltale signs of an actual DDOS. And reports subsequently emerged indicating that the "analysis" the FCC supposedly conducted never actually occurred. When media outlets began noticing that something fishy was going on, the Trump FCC issued a punchy statement accusing the media of being "completely irresponsible." No evidence was ever provided to journalists or lawmakers that pressured the agency for hard data proving the claims.

Fast forward to this week, and new internal FCC e-mails obtained via FOIA request show that yes, the FCC did routinely try to mislead the public and the press with repeated claims of DDOS attacks that never actually happened:

"The FCC has been unwilling or unable to produce any evidence an attack occurred—not to the reporters who’ve requested and even sued over it, and not to U.S. lawmakers who’ve demanded to see it. Instead, the agency conducted a quiet campaign to bolster its cyberattack story with the aid of friendly and easily duped reporters, chiefly by spreading word of an earlier cyberattack that its own security staff say never happened."

The story is worth a read, and highlights how former FCC CIO David Bray and FCC media relations head Mark Wigfield repeatedly fed false information about the nonexistent attack to reporters, then used those (incorrect) stories to further prop up their flimsy claims about the DDOS:

"Bray is not the only FCC official last year to push dubious accounts to reporters. Mark Wigfield, the FCC’s deputy director of media relations, told Politico: “there were similar DDoS attacks back in 2014 right after the Jon Oliver [sic] episode.” According to emails between Bray and FedScoop, the FCC’s Office of Media Relations likewise fed cooked-up details about an unverified cyberattack to the Wall Street Journal. The Journal apparently swallowed the FCC’s revised history of the incident, reporting that the agency “also revealed that the 2014 show had been followed by DDoS attacks too,” as if it were a fact that had been concealed for several years. After it was published, the Journal’s article, authored by tech reporter John McKinnon, was forwarded by Bray to reporters at other outlets and portrayed as a factual telling of events. Bray also emailed the story to several private citizens who had contacted the FCC with questions and concerns about the comment system’s issues."

The story isn't going to get much mainstream traction thanks to numerous other instances of cultural idiocy we're all currently soaking in, but it's fairly amazing all the same. In short, the FCC appears to have completely concocted a fake DDOS attack in a ham-fisted effort to try and downplay the massive public opposition to its extremely-unpopular policies.

Of course that's pretty standard behavior for an agency that also blocked a law enforcement inquiry into fraud during the public comment period, likely also an effort to downplay massive public opposition to the repeal. It's also pretty standard behavior from a Trump administration that enjoys using bullshit to distract from the fact that countless policies (like repealing net neutrality) run in stark, violent contrast to the admin's "populist" election message.

This isn't likely to be the end of this story, and more details are likely to surface in the looming lawsuits against the FCC attempting to restore net neutrality.