EXECUTIVE SUMMARY:

Reports emerged this week that last year’s alleged targeted DDoS attack on the Federal Communications Commission (FCC) website was a sham. According to Ars Technica, the FCC lied to Congress about an attack that never happened.

Coordination and intent are needed in order to classify traffic as DDoS. However, an internal investigation conducted by the FCC’s Office of Inspector General (IG) found that there was “no evidence” of any “coordination and intent.”  According to the agency’s report on the investigation, its findings “did not substantiate the allegations of multiple DDoS attacks alleged.”

The investigation began as an effort to figure out who was behind the attack, but, according to Gizmodo, “In January 2018, FCC investigators became convinced three senior officials—David Bray, Tony Summerlin, and Leo Wong—may have broken the law after providing false information in response to congressional inquiries about a purported cyberattack on the FCC.” The narrative was that a cyberattack had targeted and disrupted the FCC comment system. This, as Gizmodo reports, was happening while the commission sought public input on the proposed repeal of Obama-era net neutrality protections.

In concluding that the comment system was actually flooded with legitimate traffic, the IG said the problem was worsened by numerous system design flaws.

Users were sent over by talk show host and comedian John Oliver, who urged his viewers to oppose the repeal. Ars Technica reports, “The IT team was unprepared for the rush of traffic caused by the John Oliver show. A producer from Oliver’s staff contacted Pai’s office about the show days before it ran, but Pai’s staff didn’t respond and apparently didn’t inform the IT department about the upcoming show.”

Get the full story at Ars Technica.