Why CloudFlare kept LulzSec safe

By , CSO |  Security

During the three weeks LulzSec was using CloudFlare, the group took down several sites, including the CIA's web site. They also managed to obtain and then leak sensitive information from Sony Pictures, The Arizona Department of Public Safety and a Brazilian government web site, among others. Because of the model CloudFlare is based on, Prince was quick to point out none of LulzSec's hacking activity took place within CloudFlare services. All hacking took place elsewhere. The group also switched web site hosts seven times, said Prince; moving all over the world, from the U.S to Germany.

On June 26th, LulzSec issued a statement and said the group was done with its public hacking. They took down their site and CloudFlare's experience with the hacker group ended. Prince soon started to field requests for talks on the experience. Not wanting to violate his company's privacy agreement, he wrote to LulzSec using the email they had used to sign up and asked permission to discuss what they had been through.

Several days later he received a response. It simply read:

"You have my permission. — Jack Sparrow"

Prince said while CloudFlare had been contacted by government law enforcement officials about LulzSec, they had very little information to provide. All that is needed to sign up for free CloudFlare services is an email address, a username and a password.

At no time did law enforcement ask CloudFlare to discontinue providing services to LulzSec.

"It would have been an interesting question if they had," said Prince.

Prince and colleagues suffered what he called an existential crisis many times during the experience.

"We thought: Is this who we want to have on our network?" said Prince. But, ultimately, the company felt they were not in a position to play censor.

CloudFlare will not allow sites that distribute malware, conduct phishing or host child pornography to use their services. But beyond that, Prince said he feels just about any site deserves to be served.

"I'm not sure it's my role to decide what should be on the internet."


Originally published on CSO |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question