The New York attorney general opened an investigation and has since issued subpoenas to more than a dozen entities — estimating that “as many as 9.6 million comments may have used stolen identities.” But the FCC went ahead and scrapped the net neutrality rule in a massive victory for the broadband industry and a huge blow, consumer advocates said, for users. Some suspicious comments have been tracked back to particular political operatives. But the question of how millions of identities were marshaled without consent has largely remained a mystery. Until now.
…The anti–net neutrality comments harvested on behalf of Broadband for America, the industry group that represented telecommunications giants including AT&T, Cox, and Comcast, were uploaded to the FCC website by Media Bridge founder Shane Cory, a former executive director of both the Libertarian Party and the conservative sting group Project Veritas. Cory has claimed credit for “20 or 30” major public advocacy campaigns in recent years, including, he says, record-setting submissions to the IRS, Environmental Protection Agency, Bureau of Land Management, Bureau of Ocean Energy Management, and “probably a handful of others.” On Media Bridge’s website, the company has described itself as having expertise in “overwhelming government agencies” with avalanches of public submissions, and has publicly dubbed its approach to marshaling comments the “Big Hammer.”
In the FCC campaign, Cory was working for Ralph Reed — a high-powered political strategist and titan of the Christian right who himself was working for Broadband for America. Cory, in turn, enlisted LCX Digital to find the commenters.
…In a sworn deposition, a cofounder of LCX described the business as a “completely fraudulent” enterprise that had routinely faked data in its corporate work.
…“Spend a million dollars with Media Bridge,” Cory’s company told prospective clients in a post on its website, “and most likely, you’ll have a million people + advocating for your position.”
…Suddenly, despite polling showing substantial support for net neutrality, Americans appeared to be flocking online to defend the rights of the telecom giants.
Almost immediately, observers started sounding alarms. The tech publication ZDNet found that “anti-net neutrality spammers are flooding FCC’s pages with fake comments” and that several people whose names appeared as commenters said they had not posted a word. Reporters at Gizmodo and the Verge found similar examples.
Pro–net neutrality comments were called into question, too. Nearly 8 million identical one-sentence comments supporting the existing regulations were tied to email addresses from FakeMailGenerator.com. Many of those used plausible names but with nonsensical street-and-city combinations that do not exist. Another million comments, also supporting net neutrality, claimed to come from people with @pornhub.com email addresses.
By the time the comment period closed at the end of August, the number of comments had obliterated all previous records, with more than five times as many as the last time the issue had come up for debate.
…In one particular group of 1.9 million comments, according to BuzzFeed News’ analysis, 94% of the email addresses belonged to people who had fallen victim to a hack known as the Modern Business Solutions data breach, in which millions of people’s personal information, including full names, birthdates, home addresses, and email addresses, had been stolen. In 2016, a hacker had tweeted links to the breached data, which security researchers eventually traced back to an Austin-based data management company whose servers had been unguarded.
All these comments were uploaded by Cory, using his Media Bridge email address. (Some of the comments were full duplicates; after removing them, there were just over 1.5 million comment-and-email combinations.)
…Even the names, in some cases, were red flags. Oregon Sen. Jeff Merkley and Arizona Rep. Ruben Gallego — both Democrats — appeared to advocate against net neutrality, contrary to their party’s position. Merkley has previously said he didn’t write the comment attributed to him, and last year he called on the FCC to investigate its fake-comment problem.
…Fictional characters had also chimed in: Boba Fett and Luke Skywalker made their cases against net neutrality, although they claimed to live in Colleyville, Texas, and Marietta, Georgia.
…The most remarkable pattern concerned the timestamps in the data. If LCX’s data is to be believed, Texans were just as likely to sign the letter at 3 a.m. as at 3 p.m. — or any other hour of the day, for that matter. But that’s not how people normally behave online. A typical person’s internet activity peaks during the most common waking hours and crashes after that.
The IP addresses listed in the data also raise questions. All 11 people listed from Keene, Texas, for instance, purportedly approved their letter-signing through IP addresses on a specific address range owned by Major League Baseball Advanced Media, which is headquartered more than a thousand miles away in New York City.