RSA Conference 2012: Why we kept LulzSec safe
Cloud-based security services company CloudFlare protected LulzSec from hacking attempts while LulzSec made headlines by hacking web sites around the world. The company's CEO explains how, and why, they felt compelled to protect the antisec group.
By Joan Goodchild, Senior Editor
February 28, 2012 — CSO —
SAN FRANCISCO - On June 2nd, 2011, the antisec hacker group known as LulzSec launched a web site. Although they had been an active hacking group for several weeks, the creation of Lulzsecurity.com was their first official web presence other than the Twitter account they had been using.
Shortly after launching LulzSecurity.com, the group experienced a denial-of-service attack and the site was taken down. But within 45 minutes, they were back up and running again — and they had created an account with CloudFlare, a cloud-based security and performance service for web sites. CloudFlare offers both free and commercial services, and LulzSec had signed up for a free account.
For the next 22 days, CloudFlare CEO Matthew Prince and his colleagues were part of what he described as an intense experience that was at times alarming, but ultimately quite educational, as his company provided security protection for the group everyone wanted to take down.
"Every type of hacker was trying to find out where LulzSec was posted and how they can knock them offline," Prince explained in an RSA Conference talk on Tuesday in which he detailed the story.
During the time CloudFlare provided services to LulzSec, they saw a myriad of attacks from all over the globe that ranged from Layer Seven attacks that Prince described as "harmless," to one he termed as "clever" — an IP scan and attack on CloudFlare's router interfaces. None were successful in taking down LulzSec.
The peak day, according to Prince, was on June 16th when they saw 21 gigabytes of attack traffic. It was shortly after LulzSec had taken down several popular gaming sites, including Minecraft.
"You can't pay for pen testing like this. Once we realized we were going to survive, it was actually kind of a fun experience for us," said Prince.
During the three weeks LulzSec was using CloudFlare, the group took down several sites, including the CIA's web site. They also managed to obtain and then leak sensitive information from Sony Pictures, the Arizona Department of Public Safety and a Brazilian government web site, among others. Because of the model CloudFlare is based on, Prince was quick to point out that none of LulzSec's hacking activity took place within CloudFlare services. All hacking took place elsewhere. The group also switched web site hosts seven times, said Prince, moving all over the world, from the U.S. to Germany.