Security Experts:

FCC Says Website Downtime Caused by DDoS Attacks

The U.S. Federal Communications Commission (FCC) said its website was disrupted by distributed denial-of-service (DDoS) attacks on Sunday night, not due to a large number of attempts to submit comments on net neutrality.

“Last Week Tonight” host John Oliver revisited the subject of net neutrality on Sunday, urging people to leave comments on the FCC’s website. Oliver has criticized FCC Chairman Ajit Pai over the proposal to roll back net neutrality rules, and he even set up a domain, gofccyourself.com, which redirects users to a page on the FCC website where they can submit comments on the proposal. The FCC’s site became inaccessible shortly after.

The TV host made similar comments back in June 2014, when the FCC’s website crashed due to the large number of users that attempted to vent their frustration. While many believe the latest incident was also caused by too much traffic on the server hosting the site, the FCC has blamed the downtime on DDoS attacks.

“Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos). These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host,” the FCC stated.

“These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC. While the comment system remained up and running the entire time, these DDoS events tied up the servers and prevented them from responding to people attempting to submit comments.” it added.

Some people are still skeptical and believe the FCC may have mistaken the large volume of traffic for a DDoS attack. Other theories are that someone launched a DDoS attack on the FCC just for fun, or that entities opposing net neutrality rules launched the attacks to prevent consumers from complaining.

Digital rights group “Fight for the Future” believes the FCC is either intentionally misleading or someone did actually launch DDoS attacks to block comments from net neutrality supporters. The organization believes both scenarios are concerning and it has called on the FCC to release its logs to independent security analysts or the media, and guarantee that all comments will be counted.

“The public deserves to know [what happened], and the FCC has a responsibility to maintain a functioning website and ensure that every member of the public who wants to submit a comment about net neutrality has the ability to do so. Anything less is a subversion of our democracy,” Fight for the Future said in a blog post.

Related: Could Killing of FCC Privacy Rules Lead to End of Net Neutrality?

view counter
Eduard Kovacs is an international correspondent for SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.