Pranksters take advantage of FCC file-upload comment system

Pranksters take advantage of FCC file-upload comment system

Pranksters have posted a variety of fake messages on the Federal Communication Commission commenting system that have been made to look as if they are rebellious statements coming from within the organization.

"Dear American citizenry, We’re sorry Ajit Pai is such a filthy spineless [expletive]," wrote the first example to go viral on Twitter.

It was formatted to appear on FCC letterhead in business letter format and used a term preferred by the far right to denote ineffectual conservatives.

"Sincerely, The FCC."

The FCC's commenting system allows users to take advantage of pre-written computer code known as an Application Programming Interface to design programs to quickly post commentary about proposed rule changes.

A wide array of documents are immediately posted to the website for public view without reformatting to show they are comments. 

That means anyone with a programming background can post to the FCC system, where it can appear to be an official statement.  

The types of files that can be uploaded include several kinds of web design code, meaning that attackers could make entire web pages that would appear to be posted on the FCC servers.

Web addresses of files taking advantage of the commenting system begin "ecfsapi.fcc.gov."

The FCC claims to have a more formal cyberattack earlier this year, when it says an attacker overwhelmed and crashed its commenting system with an intention surge of too much traffic.