FCC has no documentation of DDoS attack that hit net neutrality comments


The US Federal Communications Commission says it has no written analysis of DDoS attacks that hit the commission's net neutrality comment system in May.

In its response to a Freedom of Information Act (FoIA) request filed by Gizmodo, the FCC said its analysis of DDoS attacks "stemmed from real time observation and feedback by Commission IT staff and did not result in written documentation." Gizmodo had asked for a copy of any records related to the FCC analysis that concluded DDoS attacks had taken place. Because there was no "written documentation," the FCC provided no documents in response to this portion of the Gizmodo FoIA request.

The FCC also declined to release 209 pages of records, citing several exemptions to the FoIA law. For example, publication of documents related to "staffing decisions made by Commission supervisors, draft talking points, staff summaries of congressional letters, and policy suggestions from staff" could "harm the Commission’s deliberative processes," the FCC said. "Release of this information would chill deliberations within the Commission and impede the candid exchange of ideas."


Examining the FCC claim that DDoS attacks hit net neutrality comment system


On May 8, when the Federal Communications Commission website failed and many people were prevented from submitting comments about net neutrality, the cause seemed obvious. Comedian John Oliver had just aired a segment blasting FCC Chairman Ajit Pai's plan to gut net neutrality rules, and it appeared that the site just couldn't handle the sudden influx of comments.

But when the FCC released a statement explaining the website's downtime, the commission didn't mention the Oliver show or people submitting comments opposing Pai's plan. Instead, the FCC attributed the downtime solely to "multiple distributed denial-of-service attacks (DDoS)." These were "deliberate attempts by external actors to bombard the FCC's comment system with a high amount of traffic to our commercial cloud host," performed by "actors" who "were not attempting to file comments themselves; rather, they made it difficult for legitimate commenters to access and file with the FCC."

The FCC has faced skepticism from net neutrality activists who doubt the website was hit with multiple DDoS attacks at the same time that many new commenters were trying to protest the plan to eliminate the current net neutrality rules. Besides the large influx of legitimate comments, what appeared to be spam bots flooded the FCC with identical comments attributed to people whose names were drawn from data breaches, which is another possible cause of downtime. There are now more than 2.5 million comments on Pai's plan. The FCC is taking comments until August 16, and will make a final decision sometime after that.


FCC fines Cox for falling for Lizard Squad scam, exposing customer data

"Hello, this is EvilJordie from IT. Please give me your password."

What's the cost of giving up customers' information because of weak information security practices? For Cox Communications, the answer is a half-million dollar fine and having the Federal Communications Commission watching its every information security move for the next seven years. The FCC's Enforcement Bureau and cable and broadband Internet provider Cox Communications have reached a settlement over an August 2014 data breach involving a member of the Lizard Squad hacking group. The FCC announced the settlement on Thursday.

The hacker, who goes by the nom de guerre "EvilJordie," used one of the oldest social engineering tricks in the book to gain access to Cox's internal data: he convinced a Cox customer service representative and a Cox contractor over the phone that he was a system administrator in Cox's IT department and sent them a "phishing" link to a malicious website that mimicked a corporate intranet site, where they entered their login credentials.



Net Neutrality Groups Challenge AT&T FaceTime Blocking


The he-said, she-said banter may end soon about whether AT&T is breaching so-called net neutrality rules by limiting the use of iPhone’s FaceTime video calling on cellular networks to customers who sign up for new, shared data plans.

Online rights groups said Tuesday they are asking the Federal Communications Commission to weigh in on the matter. By rule, Public Knowledge, Free Press and the New America Foundation’s Open Technology Institute can file their net neutrality complaint with the FCC in 10 days because the clock started ticking when the groups notified the nation’s second-largest carrier of their intent Tuesday.

To date, Apple’s FaceTime, which allows live video conversations between users of Apple devices, has worked only over Wi-Fi. But Apple is changing that, opening the Skype-like service to function over cellular connections. The change comes when Apple’s newest mobile-phone operating system debuts Wednesday and will spread even wider once the new iPhone 5 starts landing in hands Friday.

AT&T says it will make the video-chat service available on its cellular network for those with generally more expensive, shared data plans, which the company unveiled last month. (There are some configurations where the shared plan is less expensive for the same service for individuals.)

Among other things, the company says that it is simply a business decision to use FaceTime as a hostage to move recalcitrant customers to a new plan.

At issue are FCC net neutrality rules that went into effect in November.

The rules prohibit DSL and cable companies from unfairly blocking services they don’t like and require them to be transparent about how they manage their networks during times of congestion.

Mobile carriers like AT&T and Verizon face fewer rules, but are banned from interfering with alternate calling services such as Skype that compete with the carriers’ services. The groups say FaceTime counts as this kind of alternate calling service and thus is protected by the net neutrality rules.

The nation’s largest carrier, Verizon, and the third largest, Sprint, won’t limit FaceTime over cellular. T-Mobile, the smallest of the Big Four carriers, does not carry the iPhone.

AT&T said the main reason there is no breach of the Federal Communications Commission’s net neutrality rules is that the FaceTime application comes pre-installed on iPhones, a position the digital rights groups scoffed at.

The regulations do allow for certain kinds of mobile network management during periods of congestion, but these cannot unfairly target services that compete with the carriers’ own services.