Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      The little-known company disrupting Eskom’s monopoly

      16 June 2025

      TechCentral Nexus S0E2: South Africa’s digital battlefield

      16 June 2025

      AI and the future of ICT distribution

      16 June 2025

      Beijing’s chip champions blacklisted by Taiwan

      16 June 2025

      Chief sub-editor wanted – help shape South African tech media

      16 June 2025
    • World

      Yahoo tries to make its mail service relevant again

      13 June 2025

      Qualcomm shows off new chip for AI smart glasses

      11 June 2025

      Trump tariffs to dim 2025 smartphone shipments

      4 June 2025

      Shrimp Jesus and the AI ad invasion

      4 June 2025

      Apple slams EU rules as ‘flawed and costly’ in major legal pushback

      2 June 2025
    • In-depth

      Grok promised bias-free chat. Then came the edits

      2 June 2025

      Digital fortress: We go inside JB5, Teraco’s giant new AI-ready data centre

      30 May 2025

      Sam Altman and Jony Ive’s big bet to out-Apple Apple

      22 May 2025

      South Africa unveils big state digital reform programme

      12 May 2025

      Is this the end of Google Search as we know it?

      12 May 2025
    • TCS

      TechCentral Nexus S0E1: Starlink, BEE and a new leader at Vodacom

      8 June 2025

      TCS+ | The future of mobile money, with MTN’s Kagiso Mothibi

      6 June 2025

      TCS+ | AI is more than hype: Workday execs unpack real human impact

      4 June 2025

      TCS | Sentiv, and the story behind the buyout of Altron Nexus

      3 June 2025

      TCS | Signal restored: Unpacking the Blue Label and Cell C turnaround

      28 May 2025
    • Opinion

      Beyond the box: why IT distribution depends on real partnerships

      2 June 2025

      South Africa’s next crisis? Being offline in an AI-driven world

      2 June 2025

      Digital giants boost South African news media – and get blamed for it

      29 May 2025

      Solar panic? The truth about SSEG, fines and municipal rules

      14 April 2025

      Data protection must be crypto industry’s top priority

      9 April 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » News » Behind the scenes at LulzSec: no laughing matter

    Behind the scenes at LulzSec: no laughing matter

    By Editor15 March 2012
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp
    The LulzSec logo

    Imagine you’re the CEO of an Internet security start-up. Now imagine one of the world’s most notorious hacker groups signs up for your service, to help protect their own website from attacks. What do you do?

    That’s exactly the dilemma Matthew Prince, CEO and founder of CloudFlare, faced in June 2011. LulzSec — short for Lulz Security — was a hacker collective formed in May 2011 which quickly achieved infamy by hacking the Fox Network and PBS and publishing portions of their private data.

    When LulzSec launched its own site in June, it was immediately attacked in retaliation and brought down within 45 minutes by a distributed denial-of-service attack (DDoS). The hackers signed up for CloudFlare — which specialises in deflecting these kinds of attacks — and their site was quickly back online.

    “The only time they were offline after that point was when they supplied us with an invalid Internet Protocol address,” explains Prince with a wry smile, speaking at this year’s South by South West (SXSW) Interactive festival.

    For the next 23 days, everyone from government agencies to “white-hat” hackers deluged the site, trying to figure out where LulzSec was hosting its content — which by now included millions of user records stolen from the Sony.com site. “We literally sat in the crossfire of that,” says Prince.

    For CloudFlare, the experience was both a blessing and a curse. Its basic service, which LulzSec used, is entirely free. “LulzSec didn’t pay us a cent, but they gave us a lot of pain,” quips Prince, getting a hearty laugh from his audience.

    Lulzsec did, in fact, offer to pay for CloudFlare’s services via Twitter, asking for a premium membership “in return for rum“. “It depends on what kind of rum, and how much,” responded Prince. “I have since been advised by council to delete that tweet,” he says with an impish grin.

    Despite the pain caused by the experience, which included many sleepless nights for his small team, Prince still sees it as a positive experience. “This turned out to be the kind of pentesting (penetration testing) that money can’t buy. We generated over a million new rules based on these attacks.” These rules now help CloudFlare fight off similar attacks on other sites it services.

    If you think a security company working for hackers is bizarre, the on-the-job training it did in unwitting preparation for the LulzSec incident was even more wacky. Soon after it launched in June 2009, CloudFlare started to get lots of sign-ups from Turkish escort agencies.

    Prince explains that they soon learnt the reason for this unexpected trend. “While Turkey’s government is secular and tolerant, many people in Turkey are not, and they see these escort agencies as emblematic of everything that’s wrong in their society. So the sites were frequently attacked and brought down. That’s where we came in.”

    So, in essence, LulzSec benefited directly from efforts by conservative Turks to stop their louche countrymen from visiting escorts. And that, for Prince, is the beauty of CloudFlare’s model. By sharing the lessons learnt from one attack with the entire network, everyone can benefit and be better protected.

    How does CloudFlare work? At the simplest level it’s a “reverse proxy” — all traffic to your sites is routed via their systems, which allows the company to see attacks coming and mitigate against them. This “light touch” model allows it to process huge amounts of traffic — 80bn page impressions per month or 1bn per employee. Prince estimates that 25% of all Web traffic travels through CloudFlare at some point.

    But why is Prince daring to reveal these secrets, and possibly bring the wrath of the hacker community down on CloudFlare? He asked them first, of course, and eventually received a laconic e-mail: “You have my permission. — Jack Sparrow.”

    On the topic of whether CloudFlare should have blocked LulzSec from using its services, Prince is quite philosophical. “We’re not going to play the censor — it’s not our role.” For Prince that kind of thing represents a “slippery slope” that he feels services like CloudFlare should avoid at all costs.

    And what of LulzSec? The hacker collective dissolved just as quickly as it formed, announcing on 26 June 2011 that it was ceasing operations. For Prince the turning point was obvious “when LulzSec knocked Minecraft offline, public sentiment turned against them. Don’t mess with the gamers.”  — Alistair Fairweather, TechCentral

    • Subscribe to our free daily newsletter
    • Follow us on Twitter or on Google+ or on Facebook
    • Visit our sister website, SportsCentral (still in beta)


    CloudFlare Lulz Security LulzSec Matthew Prince
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleLight: the final (communications) frontier
    Next Article Datatec set to crack $5bn in sales

    Related Posts

    Cloudflare says state hackers tried to burrow into its global network

    2 February 2024

    World hit by biggest-ever DDoS attack

    12 October 2023

    Cloudflare won’t stop working with Russian clients

    8 March 2022
    Company News

    Huawei Watch Fit 4 Series: smarter sensors, sharper design, stronger performance

    13 June 2025

    Change Logic and BankservAfrica set new benchmark with PayShap roll-out

    13 June 2025

    SAPHILA 2025 – transcending with purpose, connection and AI-powered vision

    13 June 2025
    Opinion

    Beyond the box: why IT distribution depends on real partnerships

    2 June 2025

    South Africa’s next crisis? Being offline in an AI-driven world

    2 June 2025

    Digital giants boost South African news media – and get blamed for it

    29 May 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.