With any DDoS attack, the best way to investigate it is to review the logs. Because of the sensitivity of the information submitted to the Federal Communications Commission (FCC) net neutrality site, and the potential for IP addresses to increase privacy risks for users submitting their opinions, the logs have not been publicly released for review. The FCC’s CIO, David Bray, stated that, after reviewing the logs, it was determined that nonhuman bots were creating a large number of comments on the FCC net neutrality site via an API. He also mentioned that the systems creating the large wave of comment traffic weren’t from a botnet of infected systems, but from a publicly available cloud service.
If this truly was a botnet pumping large numbers of comments to the FCC’s net neutrality site — possibly for spam-related purposes — while there was a large influx of users attempting to post opinions and comments regarding the net neutrality policy, it’s likely that the application reacted in a manner that’s identical to a DDoS attack. We know from public comments made by the FCC that the API was hit hard, and it’s these application-based resources that can become very expensive when it comes to utilization. Read my article below:
This is a Security Bloggers Network syndicated blog post authored by Matthew Pascucci. Read the original post at: Frontline Sentinel