When HBO host John Oliver called for Internet trolls to deluge the Federal Communications Commission with comments about net neutrality, he may not have expected for the FCC's site to get shut down. That, however, is exactly what happened, but it wasn’t because Oliver’s viewers overwhelmed the site with public comments, as was widely reported.
In fact, shortly after Oliver’s 13-minute rant last Sunday, the FCC’s website was compromised by an external barrage that effectively shut down the site’s commenting system using database Denial of Service tactics, the FCC confirmed to Motherboard on Tuesday.
For several hours, the onslaught disabled the FCC’s Open Internet comment process, known as the Electronic Comment Filing System (ECFS). In doing so, the assailants temporarily prevented the public from being able to file comments on the FCC’s Open Internet docket.
A database DoS attack is different from the more common web-based DoS attack, in which attackers attempt to shut down a website by sending massive amounts of traffic toward it, usually using scripts or automated bots designed to temporarily cripple a website. Many news organizations have been attacked using this method in recent years.
In a database DoS attack, the hacker targets the underlying infrastructure of the website itself, rather than just bombarding the site with traffic. In the FCC’s case, the intruders repeatedly initiated new public comments—most likely using an automated script—and then almost instantaneously executed searches for those records.
This tactic creates what are called “dead record locks” in a database—in this case, the FCC’s electronic comment filing system. This is a well-known database problem that arises when multiple parties are trying to view or modify the same record. It can happen at banks or other systems where people are trying to simultaneously access the same item in a database.
"We received a surge in the volume of visits to our electronic comment filing system last week," FCC spokesperson Kim Hart told me. "A byproduct of the high volume was what is known is a 'dead record lock,' where connections in the database create record lock contention and eventually cause the system to freeze. This created difficulty for people trying to submit and search for filed comments."
The spike in dead record locks wasn’t from increased Web traffic or a fundamental technical problem with the FCC’s website, sources said. Rather, the site was hit by a sustained effort from unknown digital assailants who were trying to hobble the agency’s database, in an apparent attempt to make the FCC and its IT systems look bad.
"The volume of visits to ECFS peaked on June 3, with a 10-fold increase in the hourly load on the system compared to the visit volume of a typical day," an FCC official told me. "During the week of June 2-6, the system experienced a 40-fold increase in dead record locks compared to a typical day."
No internal FCC data was compromised, but the hackers temporarily blocked legitimate public comments, an ironic twist for an agency seeking public input on its Open Internet rule-making process. The FCC's investigation into the incident is ongoing, but for now, the agency hasn't definitively concluded that the issue was the result of "malicious activity," Hart said.
The FCC was vulnerable because its public commenting system is 17 years old, which is shocking in its own right.
Net neutrality is the principle that Internet openness depends on the equal treatment of Web traffic for consumers. The FCC’s net neutrality policies have been in limbo since a federal court struck down most of the agency’s 2010 open Internet order in January. In response, the FCC has opened the door to so-called “paid prioritization” deals, in which broadband providers could strike special agreements with Internet companies for preferential treatment.
Net neutrality advocates want the FCC to reclassify broadband companies under the Title II “common carrier” provisions of the Communications Act, which have governed traditional phone companies for decades. Such reclassification would subject the broadband companies to tighter regulation. The broadband giants vehemently oppose such reclassification.
John Oliver deserves credit for spotlighting an important issue and urging consumers to participate in the FCC’s comment process. And it's not clear his call for Internet trolls to comment on net neutrality directly prompted unknown assailants to shut down the FCC’s commenting process, but the timing does line up.
The FCC was vulnerable because its public commenting system is 17 years old, which is shocking in its own right. FCC Chairman Tom Wheeler and other FCC officials have gone to Congress practically begging for an increase in the agency’s budget to modernize its IT systems.
At a time when the FCC is weighing decisions that will affect the future of the Internet (not to mention several giant telecom mergers) it seems appropriate that the agency be fully funded. Until those calls are heeded, the FCC remains vulnerable to more incidents like the one that closed the Open Internet comment process.
As for net neutrality, the FCC has encouraged the public to participate in the ongoing Open Internet rule-making process. Those who wish to be part of the process can submit their comments here, or at Docket 14-28: “Protecting and Promoting the Open Internet.” Recent public comment filings can be found here. Email comments are also accepted at firstname.lastname@example.org.