When did you realise that hacker group LulzSec was using your online security service CloudFlare?
The process of signing up for is self-service – 1500 new websites sign up almost every day – so we had no idea in June 2011 when a website called signed up. Within 24 hours they had published information about their alleged and we quickly became aware of who they were.
What was your reaction?
Internally, we had a debate about the right thing to do. It’s important to note that because of the way CloudFlare works, no hacking activity was launched from our network. If we had terminated Lulz Security as a client that would not have taken their content off the internet. There are a lot of things on the internet that I personally find troubling, but our role as a company wasn’t to play internet censor.
What happened next?
There were 22 days from when Lulz Security first signed up for the service to when they announced they were disbanding. In that period, the attacks against their website just went through the roof.
Advertisement
What kind of attacks did you see?
We saw a wide range of hacking attacks directed at us, some of which were remarkably clever. They ranged from fairly standard old-school denial-of-service attacks, where attackers would flood a particular network interface with an enormous amount of traffic, to very specific attacks targeted at vulnerabilities in the routers we used on our network. That’s pretty clever; you would have to spend quite a bit of time investigating the network’s topology in order to figure out what routers we were using.
Any idea of who was trying to hack LulzSec?
There were several white-hat [ethical] hacker groups that announced that they were trying to knock LulzSec offline. The most vocal of these was a hacker called who spent a lot of time trying to defeat our system.
Have you been in touch with LulzSec since they disbanded?
After everything was over, I had some requests to tell the story of what happened. We respect the privacy and confidentiality of all of our clients, so I wrote to the email address we had on file for the LulzSec account. About two weeks later I got a response, and it simply read: “You have my permission.” It was signed: “Captain Jack Sparrow.”
Would you let LulzSec or another branch of the Anonymous hacker group use CloudFlare in the future?
A lot of websites that claim to be part of Anonymous use CloudFlare, and many of the Occupy movement’s websites do too, but so do a lot of banks and Fortune 500 companies. We are a fairly good reflection of the internet overall and we’re trying to make the internet overall faster and safer.
Profile
is CEO of online security company ClouldFlare, which helped make hacker group LulzSec’s website resistant to rival hackers last year when they made high-profile hacks of Fox News, Sony and others. This week, Prince will give a talk called “Surviving Lulz” at the in Austin, Texas