ECFS Hit by 'Non-Traditional' DDoS Attacks in May, Pai Tells Senators
The FCC electronic comment filing system was the victim May 8 of a "non-traditional" directed denial-of-service attack, Chairman Ajit Pai said in letters released Tuesday to Sens. Ron Wyden, D-Ore., and Brian Schatz, D-Hawaii, in response questions the two asked…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
after last month's ECFS cyberattack (see 1705090063). Pai said the DDoS attack targeted the ECFS application program interface that's normally used by automated programs or bots for bulk filings. The FCC didn't have the technical option of blocking or removing the bots hitting the API and instead increased API capacity. Pai said the agency "continue[s] to research additional solutions to strengthen ECFS' controls." Pai said the FCC has multiple commercial services and tools for protecting its systems from DDoS and other cyberattacks, but "the non-traditional DDoS that we experienced is quite different than typical attacks in that it used legitimate commercial providers to introduce bots and poorly structured queries to overload the system." Pai said the cloud-based ECFS typically receives close to 10,000 comments a day, but its record is more than 400,000 comments on May 11, "showing the system can scale to accommodate a large number of visitors when other external factors are not present." House Communications Subcommittee ranking member Frank Pallone, D-N.J., separately urged the DOJ and FBI to investigate whether comments filed under stolen identities broke federal law (see 1706280043).