There's a new way to stop the web's worst hacker bullies

Project Galileo offers a new weapon against political DDoS attacks

A map of global DDoS attacks. (Digital Attack Map)

It all started three months ago, when a CloudFlare technician noticed a massive attack against a small site in Ukraine. The content-delivery company offers some level of DDoS protection for free, but only up to a point — once a targeted site clears more traffic than the free network can handle, CloudFlare has to dump it off. The technician glanced at the Ukrainian site — a jumble of Cyrillic characters — then dumped it before the traffic became overwhelming.

It wasn't until the next morning that the company realized why the site had been targeted. It was one of the leading blogs reporting on abuse in Ukraine, presumably targeted by allies of the embattled Yanukovych regime. Without realizing it, the team found themselves helping to stifle the opposition. "It led to a lot of soul-searching on my part," says CEO Matthew Prince. "I mean, we screwed up."

A network of more than 15 nonprofits

Today, CloudFlare is announcing its answer to the problem, a massive anti-DDoS program known as Project Galileo. A network of more than 15 nonprofits — including Access, the American Civil Liberties Union, and the Electronic Frontier Foundation — will watch for sites at risk for politically motivated attacks, forwarding them on to CloudFlare, where they can get professional-level protection for free. The hope is that, under Galileo, sites like the Ukrainian blog will be able to withstand any attack that comes their way.

Political sites can make powerful enemies

It's an urgent project, as sites have come under increasing fire from DDoS attacks. The attack itself is simple, a flood of traffic that overwhelms servers to knock a site offline, but defending against it has proven difficult even for well-funded sites. Earlier this week, the RSS reader Feedly was knocked offline by an extortion attack, an increasingly common tactic that Meetup fell victim to earlier this year. Small-scale political sites are particularly vulnerable, as they can make powerful enemies but lack the resources that private companies can draw on to defend themselves.

CloudFlare and its partners are hoping that, before that happens, the sites will take shelter under Galileo's protective architecture. Prince describes the resources as akin to what CloudFlare would provide a major corporate client — spreading out the traffic across multiple delivery channels and using sophisticated techniques to distinguish good traffic from bad. The names of the client sites are kept confidential, but CloudFlare says they've already signed up nearly 100 sites, and there's essentially no limit to the number of sites Galileo can accommodate.

This isn't the first time a company has taken up the cause of DDoS protection for the greater good. Last October, Google launched a similar initiative called Project Shield, which focuses on "sites serving media, elections, and human-rights-related content." Project Shield still hasn't released any user numbers or partner information (Google did not respond to a request for comment), but it seems likely that going toe-to-toe with Galileo will benefit both projects, providing a crucial backup plan for any sites that rely on them. "I don't want a single point of failure," says Access co-founder Brett Solomon. "I don't want to be in a position where it's just Google or it's just Galileo."