Major cyber fraud at the FDA

Last July, the FDA (the US Food and Drug Administration) reported that it had been hacked. The cyber attack took place between June 8 and June 11. The cyber attackers’ goal was to change the results of a published report on various e-liquid flavours.

In the interest of public safety, the FDA decided to open up a national investigation into e-liquid flavours. The goal of the investigation was to determine the potential benefits and detriments of various vaping products, especially in regards to certain flavours.

Today, it is clear that the cyber fraud was far from anecdotal. More than 500,000 fake comments were posted, compared to only 22,000 authentic statements in the report. The masterminds behind the cyber attack clearly understood the goal of the FDA’s investigation. In fact, in the medium term, the results of the investigation were supposed to result in new vaping laws.

The entire investigation has now been threatened

The hack was initially discovered due to an unusual increase in the amount of comments being posted. In three days, federal servers received hundreds of thousands of comments undermining vaping products. An analysis of the hack showed that most of the comments came from bot software.

On June 25, the epidemiologist Carl Philips alerted authorities to irregularities in the FDA’s investigation, which led to an important question: who was behind the cyber attack? An analysis of the fake comments revealed that certain words and expressions were consistent with phrasing used in documents published by the organization Campaign for Tobacco-Free Kids (CTK). For the time being, this anti-tobacco organization has not made any comment.

Federal servers were so overwhelmed with fake comments that some important data may not be recoverable. Indeed, Brent Stafford from Reg Watch is afraid about future FDA investigations, as massive cyber attacks like this one could completely derail future investigations. Finally, Irregularities surrounding the European Commission’s plan to tax vaping only further legitimize fears that hackers could have their way with public perception.