Two Democratic lawmakers called for an independent investigation into the Federal Communications Commission’s claim that it was hit by a distributed denial of service (DDoS) attack that knocked its public commenting system offline.

Senator Brian Schatz, D-HI, and Congressman Frank Pallone Jr., D-N.J., called upon the U.S. Government Accountability Office (GAO) to look into the supposed DDoS attack that took place on May 8 after a segment on John Oliver’s HBO show “Last Week Tonight” directed users to the FCC’s website.

STRUCTURE SECURITY -- USE THIS ONE
Newsweek is hosting a Structure Security Event in San Francisco, Sept. 26-27. Newsweek Media Group

The legislators sent a letter, first acquired by Gizmodo, to the GAO Thursday in which the pair said the FCC and FBI have failed to provide any actual evidence to suggest the denial of service attack took place as the commission claims.

"While the FCC and the FBI have responded to Congressional inquiries into these DDoS attacks, they have not released any records or documentation that would allow for confirmation that an attack occurred, that it was effectively dealt with, and that the FCC has begun to institute measures to thwart future attacks and ensure the security of its systems," the lawmakers wrote.

In order to learn more details about the attack and what the FCC has done in the wake of the situation to improve its cybersecurity defense, the members of Congress requested the GAO conduct an independent review of the situation.

Schatz and Pallone posed several questions that they would like investigated in regards to the FCC’s claims, including, “How did the FCC determine that a cyberattack took place on May 8th?” and “What documentation did the FCC develop during its investigation of this reported attack, and has it done any after-action reports or other evaluations that would help the FCC respond to future attacks of this nature?”

Thus far the FCC has insisted that a denial of service attack led to a temporary outage in its commenting system—an outage that occurred right as John Oliver directed millions of viewers to the FCC’s site for public comment in an effort to drum up support for maintaining the current net neutrality protections that the FCC has proposed doing away with.

The timing of the DDoS attack has long been considered suspicious by net neutrality activists, who have theorized the commission claimed the viewers flooding the site after Oliver’s segment amounted to a DDoS attack. Groups like Fight for the Future have been calling for an investigation into the claims since May.

The FCC also has refused to turn over any documents relating to the supposed DDoS event. In response to a Freedom of Information Act request filed by Gizmodo, the agency claimed its IT staff observed the cyberattack as it was taking place but those observations “did not result in written documentation.”

The Democratic lawmakers also raised questions about the FCC’s response to an apparent flood of fake comments that filled the net neutrality comment page.

There have been reports that indicate a large number of comments, including many in support of FCC chairman Ajit Pai’s plan to undo current net neutrality protections, were generated by a bot and used the name and information of people who did not actually leave the comments.

"Taken together, these situations raise serious questions about how the public makes its thoughts known to the FCC and how the FCC develops the record it uses to justify decisions reached by the agency," Schatz and Pallone said.

RELATED STORIES