CloudFlare: What we learned while in the trenches with LulzSec
The notorious LulzSec announced the existence of LulzSecurity.com in a simple tweet on June 2, 2011. Within minutes that website was taken down by other hackers. However, less than an hour later LulzSec was back, and this time the site stayed up, at least until its announced "retirement" about three weeks later. What changed during that hour?
It turns out that LulzSecurity.com signed up with CloudFlare, a San Francisco-based Web acceleration and security company that "protects and accelerate hundreds of thousands of websites." Matthew Prince, CloudFlare Co-Founder and CEO, will expound in detail on the experience at an RSA Conference briefing Tuesday afternoon. I caught up with him ahead of time for an early scoop on the talk.
Prince explained that CloudFlare has over 250,000 websites using the service, from bloggers to ecommerce sites to governments. They get a new customer almost once per minute, and protection is automatic and immediate as soon as the customer signs up. There's no sales staff checking out each new customer, so the company didn't realize this particular customer was unusual until the attacks started.