Thursday, June 2, 2011 was an otherwise unremarkable day in our office until we got word that LulzSecurity.com, a site that had quietly registered for CloudFlare earlier the same day, had allegedly published information it obtained from hacking the Sony Pictures' website.
Within hours of the publication we got notes from concerned individuals asking us to remove LulzSecurity.com's website. To some extent, these requests were borne out of confusion. CloudFlare is a network provider, most closely akin to an ISP, not a hosting provider. Thousands of websites sign up for CloudFlare every day in order to be, on average, twice as fast and be protected from a number of security threats ranging from comment spam to DDoS attacks. Because of the nature of our service, unlike a hosting provider, if we had removed LulzSecurity.com or any other website from CloudFlare it would not have removed the content from the Internet. As I noted to several reporters who asked me, the only difference would have been the site wouldn't have loaded as fast.
Beyond speed, the other benefit we provided LulzSecurity.com, and every other website that uses CloudFlare, was security. So-called "black hat" hackers are not, it turns out, one unified group. Soon after LulzSec rose in prominence, several other groups launched significant DDoS attacks to knock them offline. CloudFlare mitigated those attacks.
Two broad points that I've drawn from the experience of watching this unfold over the last three weeks. First, CloudFlare is firm in our belief that our role is not that of Internet censor. There are tens of thousands of websites currently using CloudFlare's network. Some of them contain information I find troubling. Such is the nature of a free and open network and, as an organization that aims to make the whole Internet faster and safer, such inherently will be our ongoing struggle. While we will respect the laws of the jurisdictions in which we operate, we do not believe it is our decision to determine what content may and may not be published. That is a slippery slope down which we will not tread.
Second, the experience of being attacked by some of the Internet's most notorious hackers has validated CloudFlare's core value proposition: if you can share data about attacks across a network, rather than keeping it siloed within each organization, everyone using that network can benefit. As hackers tried to take down LulzSec, CloudFlare recorded all the patterns of the attacks. In the last 3 weeks, we've generated more than 1 million new rules to better mitigate threats targeted at our users. Those rules were propagated in realtime to benefit the whole CloudFlare community. We've written about this benefit previously and it was truly awesome to watch as the system rapidly got smarter and smarter as more attacks were launched. While we will never stop every attack, we will also never stop learning.
Today CloudFlare is stronger than it was yesterday, and tomorrow it will be stronger still.