‘Power Grab’: FCC website hit with 128k anti-net neutrality messages in bot cyberattack

‘Power Grab’: FCC website hit with 128k anti-net neutrality messages in bot cyberattack
After the FCC announced plans to rollback net neutrality regulations, their public comment system was flooded with hundreds of thousands of comments crashing the system. Many of the comments appear to be fake and from a bot.

Two weeks ago, Federal Communications Commission (FCC) chairman Ajit Pai announced plans to reverse net neutrality rules put in place under former President Barack Obama. 

The new rules would allow internet service providers (ISPs) to provide “fast lanes” for some users while slowing or even blocking traffic for others. Critics say the rollback could lead to ISPs abusing their power as gatekeepers of the internet.

Last Sunday, John Oliver, host of the HBO show “Last Week Tonight” encouraged his viewers to flood the FCC comment system with messages in opposition to undoing the Obama-era regulations. Oliver had already shut the FCC site down in 2014 by calling on his users to flood the comment system.

On May 8, FCC Chief Information Officer David Bray released a statement confirming the FCC’s Electronic Comment Filing System had crashed. However, Bray claimed that they had been hit with a distributed denial-of-service (DDoS) attack. A DDoS attack uses automated bots to flood a site with so much traffic that it temporarily shuts down. 

These were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host,” Bray said in the FCC statement. “These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.

In total, more than 740,000 comments have been filed on the comment page. More than 700,000 of those comments were filed after John Oliver’s show aired, despite the comment system experiencing downtime and slowness.

However, many of the new comments have the appearance of being fake. More than 128,000 of the new comments contain identical messages. 

The unprecedented regulatory power the Obama Administration imposed on the internet is smothering innovation, damaging the American economy and obstructing job creation,” the identical messages read. “I urge the Federal Communications Commission to end the bureaucratic regulatory overreach of the internet known as Title II and restore the bipartisan light-touch regulatory consensus that enabled the internet to flourish for more than 20 years.

The text of the message is very similar to a 2010 press release from the Center for Individual Freedom, a conservative group opposed to the Obama-era net neutrality regulations. 

The group was contacted by reporters from the Verge, who asked if they were behind the cyberattack. A spokesperson told them that they did send emails to their supporters urging them to comment. 

Yes, the Center for Individual Freedom is asking our supporters and other activists across the nation to submit comments,” a spokesperson told the Verge. “It shouldn’t come as a surprise that the wording [of the email] is similar to the wording CFIF used in 2010 as our messaging on this general issue has been consistent for nearly a decade.

While it is possible that the spam bot used the group’s form to send the comments, the spokesperson denied that they were behind the DDoS attack.

Searching the identical comments shows they were posted by users in alphabetical order, meaning they are most likely automated messages from a bot that cycles through names.

On Wednesday, reporters from ZDNet contacted many of the users who provided their phone numbers along with their comments. Of those users that were contacted, none of them said they left any comments on the FCC website. 

After the FCC announced they had been the subject of an attack, Senators Ron Wyden (D-Oregon) and Brian Schatz (D-Hawaii) wrote a letter to Pai, asking for more specific details about the attack. 

"A denial-of-service attack against the FCC's website can prevent the public from being able to contribute to this process and have their voices heard," the senators wrote. "Any potentially hostile cyber activities that prevent Americans from being able to participate in a fair and transparent process must be treated as a serious issue."

The comment system has been struggling for the past several days, making it difficult for real users to access the pages or file a genuine complaint as of Wednesday.