Anonymous Targets CloudFlare For Alleged Islamic State Links

Tom Jowitt,
Anonymous © Rob Kints Shutterstock 2012

Security firm accused of protecting Islamic State-affiliated websites from Anonymous hackers

American web services firm CloudFlare has been accused of using its CloudFlare CDN (content delivery network) to protect up to 40 Islamic State websites.

The allegation was made by hacker collective Anonymous, which last week promised to “hunt down” Islamic State supporters following the terrorist attacks in Paris.

Shielding ISIS?

Earlier this week Anonymous also released a “noob guide” that showed how people can join its efforts to take down the online presence of Islamic State (ISIS).

Anonymous is alleging that the CloudFlare CDN, which protects customers against distributed denial of service (DDoS) attacks, is also being used by these terrorists to protect their own extremist websites against Anonymous attempt to down their servers.

This is according to Ghost Security Group, an Anonymous-affiliated “counter-terrorism network”, which counted almost 40 websites that use CloudFlare’s services to protect their content. Apparently, 34 were propaganda websites, four were discussion forums, and two offered technical services.

Matthew PrinceCloudFlare has previously acknowledged that questionable and offensive websites use its network. In July 2012 for example, CloudFlare’s CEO Matthew Prince publicly admitted that offensive material is protected by its service, but he said that it did so because of its belief in free speech.

CloudFlare was launched back in September 2010, and came to prominence in 2012 when it emerged at the RSA 2012 conference it had hacktivist group LulzSec on its network. LulzSec’s website stayed online largely because of CloudFlare’s technology, which consists of nodes dispersed around the world that help deliver websites quicker to end users in whatever geographical location they are in.

The service also swallows up any peaks in traffic for its customers, so it is well known for offering decent protection against distributed denial of service (DDoS) attacks. When black hat hackers and, allegedly, US law enforcement agencies tried to take the LulzSec site down, they failed, as CloudFlare’s 40 or so data centres acted as Web-based punching bags.

CloudFlare Denial

When these allegations surfaced, CloudFlare’s CEO Matthew Prince told Fox News that the company takes the allegations very seriously, but he insisted that the allegations against his firm were inaccurate.

“Anonymous published a list of 40 sites that they alleged to be actual ISIS sites,” Prince told Fox News. “We ran that by law enforcement organisations and there was no request to take any of those sites off our network. In fact in some cases, they asked us specifically to keep those sites on our network.”

“We were quite surprised, not only to not have any orders to take any of the sites offline, but to see that actually a lot of the sites that Anonymous had identified actually weren’t related to ISIS at all. Some were Chechnyan rebel sites, some were Kurdish sites, some were Palestinian sites,” he said.

Cloudflare’s CEO said that Anonymous is making the claims out of frustration.

“What they’re [Anonymous] really good at is knocking sites offline, except if they are behind CloudFlare,” Prince said. “So why they have a beef to pick with us is because we’re really good at stopping denial-of-service attacks.”

Anonymous meanwhile continues to urge people and businesses to boycott the company altogether.

Are you a security pro? Try our quiz!