Ajit Pai’s FCC Lied About DDoS Attack

Enlarge / Tom Wheeler, when he was Federal Communications Commission Chairman, at left, listens to then-FCC Commissioner Ajit Pai testify before the House Judiciary Committee about Internet regulation on March 25, 2015. President Donald Trump promoted Pai to chairman to succeed Wheeler.
Chip Somodvellia/Getty Images

There was no DDoS attack against the Federal Communications Commission comments system in 2014, former FCC Chairman Tom Wheeler said this week. Wheeler’s statement disputes claims made by the FCC under current Chairman Ajit Pai, who is under fire for unproven claims about DDoS attacks.

The controversy began in May 2017 after Pai unveiled an early version of his plan to eliminate net neutrality rules. The FCC system for accepting public comments on Pai’s plan failed just as many net neutrality supporters were trying to submit pro-net neutrality comments on the urging of comedian John Oliver.

The FCC claimed the May 2017 outage was caused by “multiple distributed denial-of-service attacks (DDoS)” rather than by the volume of legitimate pro-net neutrality comments or by a simple failure of the system. To bolster its case, Pai’s FCC claimed that a similar outage during the 2014 net neutrality proceeding was also caused by a DDoS attack. But Wheeler, who was chairman at the time and led the implementation of strict net neutrality rules, says there was no such attack in 2014.

“FCC officials who were there at the time said it didn’t happen,” Wheeler said in a C-SPAN show that will air this weekend, according to Axios. “The independent IT contractors that were hired said it didn’t happen. So if it didn’t happen, it’s hard to have a coverup for something that didn’t happen.”

The notion of a “coverup” comes from statements made to reporters in 2017 by then-FCC CIO David Bray. Bray was the commission’s CIO in both 2014 and 2017 and claimed that both outages were due to DDoS attacks. In 2017, Bray told reporters that the 2014 DDoS wasn’t revealed publicly at the time because “the Chairman” wanted to keep it quiet.

“[T]here was a similar DDoS attack after the 2014 [John Oliver] clip,” Bray told reporters from FedScoop in May 2017, according to recently released emails. “At the time, the Chairman did not want to say there was a DDoS attack out of concern of copycats.”

“The Chairman,” but not Wheeler

A statement about “the Chairman” in 2014 could only refer to Wheeler. Yet Bray now says he wasn’t referring to Wheeler and acknowledges that Bray himself was the one concerned about “copycats.”

Gizmodo reported yesterday:

Reached by Gizmodo, Bray walked back his accusation that the FCC’s silence over the non-existent 2014 cyberattack was Wheeler’s decision, saying that the concerns over potential “copycats” were actually his own, and that he would “not ascribe them to the former Chairman.” Further, Bray said that the phrase “the Chairman,” as used in his emails to reporters, was actually “shorthand” for his own work with the agency’s media relations department. (During the C-Span interview, Wheeler said he accepted Bray’s explanation.)

Bray confirmed this version of events to Ars as well last night. But he didn’t answer our other questions about why he attributed his own concerns to the FCC chairman and whether he still believes the 2014 and 2017 comment system disruptions were caused by DDoS attacks. Bray referred us again to a blog post from earlier this week that describes his own observations from the two incidents without definitively saying whether those incidents were DDoSes.

“I do still think there were odd events that denied resources to the commenting system in 2014 and there should be email records of these observations and concerning events,” Bray wrote. “It was a turbulent time and we were trying to do our best to make sense of what was happening.”

Of 2017, Bray’s blog post says that “something odd happened” that time as well, “with the API being flooded abnormally” beyond the level expected from legitimate commenters alone. “Whether the term could have been bot swarm or API spam flood or something else, I do believe the reported observations from [the May 2017 incident] supported the analysis of something odd happening that looked like a distributed denial of service to the commenting system,” he wrote.

The FCC hasn’t responded to requests for comments this week.

Net neutrality advocates have accused the FCC of making false DDoS claims to distract from its failure to process all pro-net neutrality comments. The May 2017 outage is still under investigation, while the FCC’s net neutrality repeal is scheduled to take effect Monday. The US Government Accountability Office (GAO) is investigating the FCC’s DDoS claims at the urging of Democratic lawmakers.

Separately, the New York state attorney general’s office is investigating fraud in the net neutrality comments system and accused Pai of refusing multiple requests for evidence.