Democrats go on the offensive over fake FCC net neut'y cyberattack

But efforts to target boss Ajit Pai are misguided partisanship

Analysis The debacle surrounding a false cyberattack on US federal regulator the FCC is heading to Congress, with politicians accusing its chairman of a "dereliction of duty."

Four Democrats on the House Energy and Commerce Committee sent a letter [PDF] to Ajit Pai in advance of a hearing this Thursday demanding to know what he knew about the claimed attack and when he knew it.

A report by the FCC's Inspector General this month confirmed what most already suspected: that the collapse of the FCC's public comment system over the controversial net neutrality reversal wasn't a distributed denial of service (DDoS) attack – as the regulator claimed – but the result of a wave of people directed to the website by a TV program that was critical of the proposal.

Despite the official report [PDF] placing the blame for the false claims at the door of the FCC's former CIO and CISO, in the hyper-partisan world of Washington DC, lawmakers have decided to try to turn it into an attack on the Republican chair, Ajit Pai.

"We are deeply disturbed by the Federal Communications Commission's (FCC) Inspector General's Report of Investigation into the alleged distributed denial-of-service attacks," the letter to Pai reads.

"Given the significant media, public, and Congressional attention this alleged cyberattack received for over a year, it is hard to believe that the release of the IG's Report was the first time that you and your staff realized that no cyberattack occurred."

It then goes on to attack Pai personally, stating: "Such ignorance would signify a dereliction of your duty as the head of the FCC, particularly due to the severity of the allegations and the blatant lack of evidence."

Others have gone further, with net neutrality advocacy group Fight for the Future calling Pai "an embarrassment", accusing him of lying, demanding his resignation and arguing that the false accounts should cause Congress to "act immediately to overrule Ajit Pai's corrupt gutting of net neutrality."


While such aggressive tactics are not entirely surprising given Pai's own aggressive rhetoric against Democrats, and Fight for the Future in particular, they are nevertheless misguided.

While Pai has pushed through numerous questionable changes at the FCC, most controversially a series of changes seemingly designed to help media giant Sinclair Broadcasting, and although his actions on net neutrality have fallen far below what you would expect from the head of a federal regulator, in this case, Pai acted pretty much how you would hope and expect him to.

The FCC Inspector General report was unsparing in its criticism of the regulator, noting that despite repeated claims to the contrary there was no evidence that the FCC's IT team had properly analyzed the flood of requests to the comment filing system before concluding that it had been subject to a cyberattack.

The obvious cause of the system falling over was a cable show – Last Week Tonight with John Oliver – actively encouraging viewers to visit the FCC site and lodge their views.

Logs of the FCC's systems showed a clear spike in traffic the moment that the show urged viewers to contact the FCC through a redirected domain name, and other related spikes when the show reiterated its call over social media.

Regardless, Chief Information Officer (CIO) David Bray told FCC management that it had fallen over because "some external folks attempted to send high traffic in an attempt to tie-up the server from responding to others."

In fact Bray misread the situation entirely and decided that 4Chan - "which is a group affiliated with Anonymous and the hacking community" - was behind a denial of service attack based on the logic that "normal folks cannot manually file a comment in less than a millisecond over and over and over again, so this was definitely high traffic targeting." He had in fact misunderstood his own systems and was misreading the logs.

You sure?

Ajit Pai's chief of staff David Berry was not convinced of this explanation, and asked for an assurance that it was an actual attack. "Are you confident it wasn't a bunch of John Oliver viewers?" he asked Bray directly in an email. Bray told him in response: "Yes, we’re 99.9 per cent confident this was external folks deliberately trying to tie-up the server."

As a result, faced with demands to explain why its system had fallen over, the FCC put out a statement the next day based on its CIO's conclusions. Despite Bray's assurances, the FCC release noted explicitly that its statement came from him and not the organization or the chair.

"Federal Communications Commission Chief Information Officer Dr. David Bray issued the following statement today regarding the cause of delays experienced by consumers recently trying to file comments on the FCC’s Electronic Comment Filing System (ECFS)," it started, before quoting him: "Beginning on Sunday night at midnight, our analysis reveals that the FCC was subject to multiple distributed denial-of-service attacks (DDos)…"

Bray was of course wrong. But the report notes that one factor in the confusion may have been the fact that the FCC did not inform him that the TV show had actually warned the FCC ahead of time that it would be running a segment and that they might experience significant traffic that same day.

"During our interview with Tony Summerlin, Summerlin said: 'Bray was furious that he had not been informed about the John Oliver episode'," the report notes.

There was confusion over the exact time that the "attack" started – Bray became convinced it started earlier than the TV show when in fact it directly coincided. And then there was the fact that Bray continued to insist his team had carried out an "analysis" of the traffic but the inspector general's report noted there wasn't one.

"We expected to obtain and review the analysis referenced by Bray in the press release and to obtain and review logs and supporting documents for that and subsequent analyses," the report notes. "However, we learned very quickly that there was no analysis supporting the conclusion in the press release, there were no subsequent analyses performed, and logs and other material were not readily available."

Back-up failure

This problem – where the organization's IT team was assuring management it had carried out an analysis and reached the correct conclusion – was continued in subsequent discussions and meetings. Even during the inspector general's investigations, FCC chief information security officer Leo Wong continued to insist that the conclusions were right, particularly when it came to the timing of the "attack."

The report also criticized Wong for misrepresenting a meeting between the FCC's IT staff and the FBI – which had been called in to discuss whether the attack warranted their attention.

There is a lot more detail in the report but the upshot is that, as big a debacle as it was, neither FCC chair Ajit Pai nor his immediate team were responsible for the mess. They were in fact doing a professional job in difficult circumstances. They had:

  • Sought an immediate explanation for the system falling over from the person in charge of the system.
  • Double-checked that explanation before putting out a statement as soon as possible.
  • Put out a statement specifically from the CIO rather than the organization itself or the chair – indicating a level of continued uncertainty.
  • Asked the FBI to talk to the FCC's IT team to see if they should get involved.
  • Responded to lawmakers' requests for information by directing communications staff to talk directly to IT staff – and then allowed that information to go out without interfering with it.
  • Held back from noting their own skepticism despite a critical roasting in the press and Congress, relying on the word of their own staff.

Although chair Pai was almost certainly informed about what was happening in general terms, the inspector general report appears to show that he did not micro-manage or over-involve himself in the process but instead trusted his IT and communications staff to handle what was a pretty embarrassing incident for the organization.


It appears as though Pai and his team were also open and compliant with the subsequent investigation by its inspector general (IG) – there doesn't appear to be any coded wording in the report that suggests otherwise – and it looks as though the IG was given all the assistance he needed to get to the bottom of things.

And then, when it emerged that Bray had clearly misled FCC management about the cause but more importantly about the fact that he had carried out a detailed analysis when he had not, he was replaced as CIO with no fuss and at the same time as there was a series of other changes at the organization. In other words, Pai didn’t hang him out to dry over a mistake.

All of which points to the sort of executive behavior that you would expect from an official in a powerful position. In fact, it may be the most professional that Pai has actually been since taking over the role. As obnoxious and puerile as he frequently is at public meetings and talks, Pai may be a good crisis leader, calm when others are losing their minds.

The same crisis leadership was demonstrated when the question over approval of the Sinclair-Tribune merger reached his desk. Rather than push ahead and tie the regulator up in an unnecessary controversy, Pai took the decision to refer it to an independent administrative court – a decision that cost him political points, particularly with the White House.

Of course once the crisis was over and the inspector general report on the "DDoS attack" was imminent, Pai reverted back to type, slamming Bray in a statement put out before the actual report was released.

"I am deeply disappointed that the FCC’s former Chief Information Officer (CIO), who was hired by the prior Administration and is no longer with the Commission, provided inaccurate information about this incident to me, my office, Congress, and the American people," he ranted.

"This is completely unacceptable. I’m also disappointed that some working under the former CIO apparently either disagreed with the information that he was presenting or had questions about it, yet didn’t feel comfortable communicating their concerns to me or my office."

He went on: "On the other hand, I’m pleased that this report debunks the conspiracy theory that my office or I had any knowledge that the information provided by the former CIO was inaccurate and was allowing that inaccurate information to be disseminated for political purposes."

Partisan BS

Now the Democrats and net neutrality advocates are trying to make hay out of this situation – where a federal regulator was completely wrong about the cause of an embarrassing failure of its own systems.

And the FCC should be embarrassed. Particularly over the fact that FCC leadership consciously ignored a clear majority of comments that were opposed to its plan because it wasn't in their interests to acknowledge them.

That is a shameful failure of an organization that is supposed to be doing serious policy work in support of the American people rather than push through ideological positions or support the interest of large corporations.

But when it comes to the DDoS fake attack, it would be far better for critics to recognize that in this case the FCC chair and his team did what was right, even though it proved to be a disaster. ®
