FCC denies report that it didn’t document alleged cyberattack (updated)

The organization also refuses to share "gigabytes" of data on it.

The Federal Communications Commission now claims to have no data on a DDoS attack that took down its website in May, just months after stating it had "gigabytes" of documentation on the incident. The supposed attack followed talk show host John Oliver redirecting viewers to the FCC's comment section, where he encouraged them to complain about the organization's stance on net neutrality. With over 9 million comments reportedly left on the site, the FCC quickly responded, stating that it couldn't accept more feedback, because it was incapacitated by an alleged DDoS attack.

Now, after a freedom of information request filed by Gizmodo attempted to reveal more about the 'attack,' the FCC is claiming that its previous thorough analysis on the incident "did not result in written documentation." (Editor's note: the FCC has refuted the reporting done by Gizmodo and issued a statement. Please see the update below for the full details.)

A total of 16 pages of information were released to Gizmodo, yet none of them helped to explain the supposed cyber attack which brought down the FFC site on May 8th. This gives more credibility to the theory that the site was actually taken down by the large influx of complaint traffic driven by John Oliver's GoFCCyourself campaign.

Despite saying it has no documents on the incident, confusingly, the FCC then goes on to say that it can't reveal what it does have due to fears of revealing "trade secrets". It also states that it can't reveal other information about the attack for fears of putting its employees' personal data at risk. Once again, these contradictory statements suggest an FCC that is backpedaling thanks to poor infrastructure on its website. With the FCC's comment page initially made fairly hard to find, many critics are suggesting that the organization was actively trying to keep commenters away, leaving them completely unprepared for the slew of comments it received.

Either way, the lack of clarity surrounding this incident doesn't look good for the FCC. With the company's chairman Ajit Pai previously stating that he doesn't care what people think about net neutrality, it looks like the concerns of nine million people will most likely not be taken into consideration as the FCC continues to go about its plans to rollback net neutrality. While Trump's administration supports the FCC's plans, many of America's largest internet companies including Amazon and Facebook are staunchly opposed to the proposed ruling.

Update, 5PM ET: The FCC just issued a press release calling Gizmodo's story and other media reports (such as this one) incorrect. "The FCC has never stated that it lacks any documentation of this DDoS attack itself," the agency states. "And news reports claiming that the Commission has said this are without any basis and completely irresponsible. In fact, we have voluminous documentation of this attack in the form of logs collected by our commercial cloud partners."

To explain the confusion, the FCC notes that because "the Commission's IT professionals were in the midst of addressing the attack on May 8th" the initial analysis was not put in writing. It goes on to note that "subsequent analysis, once the incident had concluded, was put in writing. Indeed, analysis was made public in response to a request from Capitol Hill."

It looks like Gizmodo specifically requested documents through a Freedom of Information Act request pertaining to "FCC analysis cited in Dr. David Bray's May 8 public statement" -- and that analysis is what wasn't put into writing. But since then, it seems much more data has been conducted and more analysis recorded in a permanent fashion. Whether those documents can be released through subsequent FOIA requests remains to be seen.