An inside view of LulzSec's hacking rampage

@CNNMoneyTech February 29, 2012: 7:31 AM ET
CloudFlare CEO Matthew Prince discusses cybersecurity and threats from hackers at the RSA conference.

CloudFlare CEO Matthew Prince discusses cybersecurity and threats from hackers at the RSA conference.

SAN FRANCISCO (CNNMoney) -- On June 2, hacktivist collective "LulzSec" burst onto the cybersecurity scene with a splashy exploit: It published a trove of data stolen from 1 million user accounts on Sony's website.

LulzSec's website immediately crashed under a massive traffic attack from foes seeking to hack the hackers. Within the hour, LulzSec signed up for a website optimization service called CloudFlare -- and nine minutes later, its site was back online.

That's how CloudFlare, a Silicon Valley startup with a staff of 30, found itself in the middle one of the year's biggest cybersecurity battles.

"Everyone -- from three-letter government agencies to white-hat hackers to black-hat hackers -- spent the next 23 days trying to discover, 'Where exactly is Lulz hosted, and how can we knock them offline?," said CloudFlare CEO Matthew Prince. "We literally sat in the crossfire of that."

LulzSec burned bright and fast. It followed the Sony hack with a string of high-profile feats -- including crashing the CIA's website -- then abruptly announced its retirement and shut down.

Eight months later, Prince shared his war story during a packed session at RSA's annual security conference in San Francisco.

"When they took down the CIA's website, that was a difficult day for us," Prince said dryly. "We made a lot of friends with some government agencies."

New cybersecurity reality: Attackers are winning

CloudFlare provides an invisible but vital Web service: It speeds up the performance of websites and protects them from traffic surges and attacks. That's something typically handled by large vendors like Akamai (AKAM) and Level 3 (LVLT). Launched less than two years ago, CloudFlare shook up the industry by offering many of its services at no cost.

That's what drew LulzSec in. With a name and e-mail address, customers can sign up on ClouldFlare's website for free and start using it seconds later. LulzSec offered its enthusiastic endorsement, tweeting out: "We love CloudFlare, Mr. CEO of CloudFlare."

CloudFlare wasn't sure it loved LulzSec.

"This was a little bit of an existential crisis for us. We sat back and thought, 'Is this who we want to have on our network?'" Prince said.

The company decided to keep LulzSec for two reasons. One, it didn't want to go down the "slippery slope" of censoring which sites it serves. And second, it wanted to see what a lightning rod like LulzSec would do to its network.

Prince calls LulzSec's 23-day rampage the kind of stress-test money can't buy.

In terms of actual traffic and attacks, LulzSec turned out to be a fairly run-of-the-mill customer.

On its busiest day, the LulzSec site did around 6.3 million pageviews -- a minuscule fraction of the 30 billion pageviews a month CloudFlare now supports. LulzSec drew a constant stream of "denial of service" (DDoS) attacks, which aim to shut a site down by overwhelming its servers with traffic, but they too were fairly routine.

"On the peak day, they got about 21 GB of attack traffic," Prince recalled. "We had an attack this morning that got 30 GB of traffic per second."

DDoS attacks are typically viewed by security pros as more of a prank than a serious attack. They're low-tech, short-lived and don't involve any actual data breaches. The target site simply crashes until the traffic deluge dies down.

But they're becoming a tool of choice for cybercriminals. CloudFlare's network has seen a 700% increase in DDoS attacks over the past year.

As an example, Prince offered up the case of the "Valentine's Day Massacre." On Feb. 13, around 1,000 small-time florists got an e-mail instructing them to send $1,000 to an account in China or face a website blackout the next day. FTD.com worked with CloudFlare to keep the florists' sites online.

Prince said he envies that level of coordination.

"The real talent these hacking groups like Anonymous have is not hacking skill but the ability to get a lot of people to move in the same direction," he said.

In the end, Prince said that was one of his biggest takeaways from L'affair LulzSec.

"The LulzSec folks caused real harm," he said. "It's cute and it's fun and they were sort of media darlings, but if we are going to defeat organizations like this, we have to start adopting some of their tactics. We have to start working together more as a community." To top of page

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.