Behind the scenes at LulzSec: no laughing matter

Imagine you’re the CEO of an Internet security start-up. Now imagine one of the world’s most notorious hacker groups signs up for your service, to help protect their own website from attacks. What do you do?

That’s exactly the dilemma Matthew Prince, CEO and founder of CloudFlare, faced in June 2011. LulzSec — short for Lulz Security — was a hacker collective formed in May 2011 which quickly achieved infamy by hacking the Fox Network and PBS and publishing portions of their private data.

When LulzSec launched its own site in June, it was immediately attacked in retaliation and brought down within 45 minutes by a distributed denial-of-service (DDoS) attack. The hackers signed up for CloudFlare — which specialises in deflecting these kinds of attacks — and their site was quickly back online.

“The only time they were offline after that point was when they supplied us with an invalid Internet Protocol address,” explains Prince with a wry smile, speaking at this year’s South by Southwest (SXSW) Interactive festival.

For the next 23 days, everyone from government agencies to “white-hat” hackers deluged the site, trying to figure out where LulzSec was hosting its content — which by now included millions of user records stolen from the Sony.com site. “We literally sat in the crossfire of that,” says Prince.

For CloudFlare, the experience was both a blessing and a curse. Its basic service, which LulzSec used, is entirely free. “LulzSec didn’t pay us a cent, but they gave us a lot of pain,” quips Prince, getting a hearty laugh from his audience.

LulzSec did, in fact, offer to pay for CloudFlare’s services via Twitter, asking for a premium membership “in return for rum”. “It depends on what kind of rum, and how much,” responded Prince. “I have since been advised by counsel to delete that tweet,” he says with an impish grin.

Despite the pain caused by the experience, which included many sleepless nights for his small team, Prince still sees it as a positive experience. “This turned out to be the kind of pentesting (penetration testing) that money can’t buy. We generated over a million new rules based on these attacks.” These rules now help CloudFlare fight off similar attacks on other sites it services.

If you think a security company working for hackers is bizarre, the on-the-job training it did in unwitting preparation for the LulzSec incident was even more wacky. Soon after it launched in June 2009, CloudFlare started to get lots of sign-ups from Turkish escort agencies.

Prince explains that they soon learnt the reason for this unexpected trend. “While Turkey’s government is secular and tolerant, many people in Turkey are not, and they see these escort agencies as emblematic of everything that’s wrong in their society. So the sites were frequently attacked and brought down. That’s where we came in.”

So, in essence, LulzSec benefited directly from efforts by conservative Turks to stop their louche countrymen from visiting escorts. And that, for Prince, is the beauty of CloudFlare’s model. By sharing the lessons learnt from one attack with the entire network, everyone can benefit and be better protected.

How does CloudFlare work? At the simplest level it’s a “reverse proxy” — all traffic to your sites is routed via their systems, which allows the company to see attacks coming and mitigate them. This “light touch” model allows it to process huge amounts of traffic — 80bn page impressions per month or 1bn per employee. Prince estimates that 25% of all Web traffic travels through CloudFlare at some point.

But why is Prince daring to reveal these secrets, and possibly bring the wrath of the hacker community down on CloudFlare? He asked them first, of course, and eventually received a laconic e-mail: “You have my permission. — Jack Sparrow.”

On the topic of whether CloudFlare should have blocked LulzSec from using its services, Prince is quite philosophical. “We’re not going to play the censor — it’s not our role.” For Prince that kind of thing represents a “slippery slope” that he feels services like CloudFlare should avoid at all costs.

And what of LulzSec? The hacker collective dissolved just as quickly as it formed, announcing on 26 June 2011 that it was ceasing operations. For Prince the turning point was obvious: “When LulzSec knocked Minecraft offline, public sentiment turned against them. Don’t mess with the gamers.” — Alistair Fairweather, TechCentral
