Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

FCC has no documentation of DDoS attack that hit net neutrality comments


bsaambl

Recommended Posts

Records request denied because FCC made no "written documentation" of attack.

The US Federal Communications Commission says it has no written analysis of DDoS attacks that hit the commission's net neutrality comment system in May.

In its response to a Freedom of Information Act (FoIA) request filed by Gizmodo, the FCC said its analysis of DDoS attacks "stemmed from real time observation and feedback by Commission IT staff and did not result in written documentation." Gizmodo had asked for a copy of any records related to the FCC analysis that concluded DDoS attacks had taken place. Because there was no "written documentation," the FCC provided no documents in response to this portion of the Gizmodo FoIA request.

The FCC also declined to release 209 pages of records, citing several exemptions to the FoIA law. For example, publication of documents related to "staffing decisions made by Commission supervisors, draft talking points, staff summaries of congressional letters, and policy suggestions from staff" could "harm the Commission’s deliberative processes," the FCC said. "Release of this information would chill deliberations within the Commission and impede the candid exchange of ideas."

The FCC also declined to release internal "discussion of the Commission’s IT infrastructure and countermeasures," because "It is reasonably foreseeable that this information, if released, would allow adversaries to circumvent the FCC’s protection measures."

The FCC did release 16 pages of records, "though none of them shed any light on the events that led to the FCC’s website crashing on May 8," Gizmodo wrote yesterday. "The few e-mails by FCC staff that were actually released to Gizmodo are entirely redacted."

The Gizmodo article comes in the same week that the FCC refused to release the text of more than 40,000 net neutrality complaints that it has received from Internet users since June 2015. Pai has claimed that net neutrality rules were a response to "hypothetical harms and hysterical prophecies of doom," but most complaints to the FCC about potential net neutrality violations by ISPs are being kept secret. (The FCC did release 1,000 of the complaints to the National Hispanic Media Coalition, which had filed a FoIA request.)

Pai has claimed that his proposed repeal of net neutrality rules is using a "far more transparent" process than the one used to implement net neutrality rules in 2015.

Ars' FoIA request denied

Separately, Ars filed a FoIA request on May 9 for e-mails and other communications and records related to the attack on the net neutrality comment system and related downtime. The FCC denied our request on June 21, saying that "due to an ongoing investigation we are not able to release records associated with this incident."

Ars appealed that decision to the FCC on June 30 in light of Chairman Ajit Pai's statement to US senators that the FBI is not investigating the comment system attack.

"In speaking with the FBI, the conclusion was reached that, given the facts currently known, the attack did not appear to rise to the level of a major incident that would trigger further FBI involvement," Pai wrote to Senate Democrats who asked for more details about the attacks and the FCC's response to the attacks.

The FCC has not responded to our FoIA appeal or to a followup e-mail we sent on Tuesday this week.

UPDATE: The FCC responded to our FoIA appeal two hours after this story published, saying it won't release the e-mails and other records because of an internal investigation.

"An internal investigation into the matter is under consideration," the FCC told us. "Agency staff have concluded that release of the records you requested could be reasonably expected to impede and interfere with this investigation."

Comment system failure and DDoS analysis

The FCC's website failure temporarily prevented the public from commenting on Pai's controversial proposal to dismantle net neutrality rules. The downtime coincided with a heavy influx of comments triggered by comedian John Oliver's HBO segment criticizing Pai's plan, but the FCC attributed the downtime solely to "multiple distributed denial-of-service attacks."

We published an analysis of the FCC's statements in May, concluding that the incident was caused either by "an unusual type of DDoS or poorly written spam bots." Cloudflare, which operates a global network that protects websites from DDoS attacks, supported the FCC's statements. The FCC's descriptions are consistent with "a 'Layer 7' or Application Layer attack," Cloudflare Information Security Chief Marc Rogers told Ars.

"In this type of [DDoS] attack, instead of trying to saturate the site's network by flooding it with junk traffic, the attacker instead tries to bring a site down by attacking an application running on it," Rogers said.

The FCC also refused to release server logs related to the attack because they might contain private information such as IP addresses. Security experts who spoke to Ars supported this decision.

There are now more than 10 million comments on Pai's plan to overturn net neutrality rules, though many contain the same text because they come from spam bots or from campaigns urging people to submit pre-written comments. Pai has said that the number of comments opposing or supporting his plan "is not as important as the substantive comments that are in the record."
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Check out what our members are saying

  • Our picks

×
×
  • Create New...