Tag Archives: Project Galileo

Project Galileo’s 6th year Anniversary: The Impact of COVID-19 on the most vulnerable groups on the Internet

Post Syndicated from Jocelyn Woolbright original https://blog.cloudflare.com/project-galileo-sixth-anniversary/

Project Galileo’s 6th year Anniversary: The Impact of COVID-19 on the most vulnerable groups on the Internet

Project Galileo’s 6th year Anniversary: The Impact of COVID-19 on the most vulnerable groups on the Internet

Consistent with our mission to “help build a better Internet,” Cloudflare believes that one of the most important roles for the Internet is to empower marginalized voices that may not be heard, or bring together oppressed groups of people that may otherwise find themselves isolated and alone. Six years ago, Cloudflare started Project Galileo to provide free services to vulnerable nonprofits, journalism and independent media voices online who might otherwise be in danger of being silenced by cyberattacks. Much has changed in the past couple of months as the COVID-19 pandemic has transformed the world while the United States faces a wave of protests addressing racial violence and inequality. These events have put further strain on vulnerable groups working in these spaces, and we have seen many organizations step up to ensure that those who are most affected by these circumstances are protected. At Cloudflare, we believe that protecting these groups from attack is essential to helping build a better Internet.

We are excited to mark the 6th anniversary of the project this month, and it is a good time for us to reflect, talk to participants, and see how the Project has grown and changed over the course of the previous year. This year, the spread of COVID-19 and the global response to the pandemic has shown us new ways that Project Galileo can help. Our goal for the 6th anniversary of Project Galileo is to share updates and stories from the field from organizations that have stepped up in this time of uncertainty.

Earlier this week, we published a blog post on the increase in cyberattacks on advocacy organizations fighting racism. We believe that these stories of racial injustice in the United States need to be heard and we are committed to ensuring groups working in fighting racism, promoting inclusiveness and diversity get the protections they need. While we will continue to update on those ongoing events, we want to take the time to share additional stories from heroes in Project Galileo.

A year ago, we reported that we were protecting nearly 600 organizations and partnering with 28 civil society organizations to identify and provide services to politically and artistically vulnerable entities on the Internet. A single year has brought us more than a 60 percent increase in the total number of participants in the project, with more than 1,000 participants currently receiving Cloudflare’s security protections in every region of the world.

Project Galileo’s 6th year Anniversary: The Impact of COVID-19 on the most vulnerable groups on the Internet

We’ve also added eight new civil society partners, working in areas from promoting the arts to aiding democratic movements to protecting human rights. Since we rely on our partners to identify and approve requests from important organizations working in these areas, expertise that we simply don’t have, one of our goals in the last year was to increase our partnerships with civil society organizations to expand our protections in new geographic regions. We are constantly looking for partners around the world to identify at-risk groups to ensure they have the tools they need to stay online. Our new partners on Project Galileo are:

  • Center for International Media Assistance & National Endowment of Democracy
  • DefendDefenders
  • Freedom House
  • International Republican Institute
  • Open Briefing
  • PEN America
  • The Carter Center
  • The Internet Society

One of our new partners, The Carter Center, joined the Project as a partner in September 2019. The Carter Center works in 80 countries in areas such as election monitoring, democratic institution-building, and supporting human rights defenders. With their expertise in promoting human rights, we knew they would be an important addition to help identify at-risk organizations in need of our security protections.

“Project Galileo plays a crucial role in helping to safeguard election observers, human rights activists, and independent media from malicious actors that aim to silence their voices.”

Michael Baldassario, the Sr Advisor on Digital Threats to Electoral Integrity for the Carter Center

On the anniversary, we’d like to share in this section the stories of our participants, to provide some insight of the variety and commitment of organizations trying to do good during a time of significant adversity, and how ongoing access to the power and scope of the Internet plays an essential role in doing that work.

Before we talk about the general groups of websites that participate in the Project, we think it’s worth taking a moment to highlight a couple of organizations that specifically work on COVID-19 relief efforts.

COVID-19 Relief Efforts

In the past couple months, we have seen an increase in applications for Project Galileo related to COVID-19 relief efforts from entities that have spearheaded initiatives such as symptom tracking sites, personal protective equipment donation, DIY mask creation and other related efforts. One of these groups is CoronaSafe. CoronaSafe is a guide and collection of tools built as an open-source public utility for the Kerala State government in India on how to stay safe during the pandemic. These projects include access to information available for tracking the spread of COVID-19, telemedicine options, food delivery networks, tracking hospital capacity, ambulance networks and maps of COVID-19 hotspots in the Kerala region. They joined Project Galileo in March 2020 and in two weeks they launched 20 projects in multiple languages.

“We’re seeing thousands of new visitors each week that are looking for information and resources about COVID-19 across our multiple domains. We’ve seen attacks trying to get to us and huge spikes in traffic since March when we launched, and Cloudflare has kept us up and running through it all.”

Bodhish Thomas, CoronaSafe

In Germany, we have seen initiatives such as Digital Waitingroom, a platform that simulates a doctor’s visit, providing information on symptoms associated with COVID-19. The platform implements interfaces to information services, health authorities, medical practices, hospitals, laboratories, databases, and other digital processes in order to handle the tasks with the least possible effort and the highest possible transparency for the patient.

In the education space, Freifunk Munich joined Project Galileo in March of 2020 as it started creating an online conference system specifically for families during COVID-19.

“When COVID-19 sprung up, we launched a video conferencing service for schools so that they could access online learning. Almost immediately we saw an increase in DDoS attacks that threatened to take down our whole operation.”

Annika Wickert, Freifunk Munich

Education and teaching have moved online as many schools and universities race to adopt e-learning alternatives. The FBI’s Internet Crime Complaint Center (IC3) warned that attackers could take advantage of COVID-19 by increasingly targeting virtual environments, including those utilized by school districts.

In Australia, #BeatCovid19Now was accepted into the project in March 2020. #BeatCovid19Now is a symptom tracker led by researchers at the Centre for Global Health and Equity with help from data scientists at the Swinburne University of Technology. The tracker provides daily symptom tracking while collecting information for research purposes to help future decision-makers, health authorities, and researchers to better understand pandemics.

“Our team was able to distribute our Covid-19 symptom tracker internationally and concentrate on predicting and preventing outbreaks without worrying about malicious attacks that might expose sensitive information to hackers. The integration was seamless and until I was receiving the reports I hadn’t appreciated just how important it was to employ such a service.”

Matthew Bailes, Professor and the Director of the ARC Centre of Excellence for Gravitational Wave Discovery.

The website handles sensitive information, and with SSL encryption and web application firewall, they are easily able to secure this information against cyberattacks with Cloudflare.

Social Welfare and Community Building Organizations

Approximately 35% of Project Galileo participants work in social welfare and community building, education, environment/disaster relief, and global health. Since the spread of COVID-19, many of our Project Galileo participants in this space have shifted their attention to relief efforts – delivering essential personal protective equipment, emergency food distributions, and assisting front line defenders in the regions hit hardest by the virus.

Project Galileo’s 6th year Anniversary: The Impact of COVID-19 on the most vulnerable groups on the Internet

One of these organizations is The Water Project, which joined Project Galileo in 2017. The organization was founded in 2007 with the mission of providing reliable access to clean water and proper sanitation in communities in sub-Saharan Africa. Since April 2020, The Water Project has expanded its scope in health and hygiene work to include COVID-19 prevention training in more than 700 communities in the region.

Although it may defy logic based on the nature of their work, the project needs protection against cyberattacks that seek to disrupt their operations.

“Our website is where all of our donors, team members, partners, and communities come together to learn about our work, manage project data, track impact and performance, and offer support. If it doesn’t work, we don’t work and the communities we serve suffer.”

Peter Chasse, President and Founder of The Water Project

During the pandemic, we are also supporting many organizations that work in providing emotional support through hotlines and mental health services, such as The MIX UK, who has been a member of the project since 2017. In response to the pandemic, The Mix is extending its services to phone, chat, and online helplines while also providing a series of resources available to young people with information on how to cope during the pandemic.

Similarly, Samaritans, a charity working in the United Kingdom and Ireland with over 20,000 volunteers and 200 branches, recently joined Project Galileo. Samaritans provide round-the-clock emotional support and campaigns to make suicide prevention a national and local priority. In their application for Project Galileo, they requested an onboarding session for Cloudflare for Team products as all their volunteers are working from home due to the coronavirus outbreak.

“Cloudflare for Teams enables staff to continue to securely access and maintain our highly critical systems, and ensure that we can continue to provide emotional support to people in desperate need.”

Francis Bacon, Asst Director, Digital Services and Change of Samaritans

Due to the spread of COVID-19, many people have had to change their daily routine while managing the fear of contracting the virus. In the eight weeks since lockdown in the UK, Samaritans has provided emotional support to more than 400,000 people with 1 in 3 people mentioning COVID-19 related anxiety, as is the common theme among many of the calls. These types of emotional support services are essential to many people’s livelihood and working to ensure that people have the tools they need to alleviate their suffering is crucial.

Environmental Organizations

Approximately 5% of Project Galileo participants are nonprofit organizations with an environmental focus.

Citizens of the Great Barrier Reef, for example, has been protected under Galileo since the organization’s launch in 2017. Citizens of the Great Barrier Reef is an environmental conservation organization with an important mission, to conserve, protect, and restore the Great Barrier Reef through public engagement and service. With only four full-time employees based in Cairns, Australia, the organization utilizes the internet to extend reach and rally thousands of people to join their mission. Cloudflare’s caching features has allowed the organization to reduce bandwidth costs, which is incredibly important for organizations working on restricted budgets, and secure their origin server from large bursts of traffic or malicious actors attempting to access the website.

“Under Project Galileo, we can remain fully operational as a web-fronted organization with a small team and the budget of a local cafe.

Som Meaden, Technologist at the Citizens of the Great Barrier Reef

Project Galileo’s 6th year Anniversary: The Impact of COVID-19 on the most vulnerable groups on the Internet

Independent media and journalism

Nearly a quarter – 23 percent – of the organizations participating in the Project are related to journalism and independent media.  At the beginning of the COVID-19 pandemic, we saw a significant increase in traffic to journalism and media sites under Project Galileo. National and local media sites have been crucial in providing authoritative information during the pandemic and providing efficient updates on virus mitigation efforts and community developments.

Project Galileo’s 6th year Anniversary: The Impact of COVID-19 on the most vulnerable groups on the Internet

The importance of securing independent media and journalism sites from cyberattacks is crucial for organizations under Project Galileo, especially during a time where accurate information is critical.

“Amid the COVID-19 global health crisis, independent news outlets in many countries have reported an uptick in cyberattacks aimed at pulling them offline. These attacks are most likely coming from increasingly sophisticated authoritarian regimes that are targeting them for their factual reporting, which often exposes the government’s mishandling of the pandemic.”

Daniel O’Maley, Digital Policy Specialist at the Center of Intl Media Assistance at the National Endowment for Democracy

CIMA/NED recently joined Project Galileo as a partner and has helped identify and support these groups to ensure the free flow of information.

Civil Society and NGO

Civil society and non-governmental organizations make up 16% of organizations under Project Galileo.

For the International Policy Center for Inclusive Growth, a global forum that brings together economists, political scientists, and experts in the field of international relations to help fight global poverty and reduce inequality in the Global South, the security of their web infrastructure is a top priority. Since the beginning, they have had more than 7.6 million downloads of their policy publications in over 179 countries. When they launched their online, member-based knowledge sharing and capacity building platform in 2019, they suffered a DDoS attack. The site was dealing with extended bouts of downtime and unreliability in a particularly sensitive time — an online training on social policies was about to be offered to dozens of participants in sub-Saharan Africa. With a rising profile, IPC-IG contacted Cloudflare to prevent attacks on its website.

“In a matter of hours, IPC-IG’s website was not only protected from attacks but protected at no cost.”

Patricia Cavallari, Sr Knowledge Management Assistant at IPC-IG.

Currently, through their online platform, Social Protections, an inter-agency task-force to map social protection responses to the COVID-19 crisis, they are gathering resources and promoting webinars to discuss policy alternatives.

Cloudflare’s Commitment to Protect

Since 2014, we have promised to protect organizations working in these spaces to ensure they are not censored or taken offline by cyberattacks. Although the world has changed dramatically,  we continue to stand by our promise to protect these organizations and ensure they have the tools they need to stay online. If you are an organization looking for protection under Project Galileo, please visit our website: cloudflare.com/galileo.

Project Galileo’s 6th year Anniversary: The Impact of COVID-19 on the most vulnerable groups on the Internet

Cyberattacks since the murder of George Floyd

Post Syndicated from Matthew Prince original https://blog.cloudflare.com/cyberattacks-since-the-murder-of-george-floyd/

Cyberattacks since the murder of George Floyd

As we’ve often seen in the past, real world protest and violence is usually accompanied by attacks on the Internet. This past week has been no exception. The shocking murder of George Floyd on May 25 was followed, over the weekend of May 30/31, by widespread protests and violence in the US. At the same time, Cloudflare saw a large uptick in cyberattacks, particularly cyberattacks on advocacy organizations fighting racism.

This chart shows the number of cyberattack HTTP requests blocked by Cloudflare over the last week (blue line) compared to the corresponding week in April a month before (green line). Cloudflare’s scale means that we are blocking attacks in the many 10s of billions per day, but even with that scale it’s clear that during the last week there have been even more attacks than before. And those attacks grew over the weekend.

Cyberattacks since the murder of George Floyd

Digging in a little deeper we can compare the attacks over this past weekend with a corresponding weekend a month before. Over the weekend of April 25/26, Cloudflare blocked a total of 116,317,347,341 (a little over 116 billion cyberattack HTTP requests performing DDoS or trying to break into websites, apps or APIs were blocked).

Since 116,317,347,341 can be a little hard to comprehend, here’s another way of looking at it. 116,317,347,341 cyberattack HTTP requests over a two day period is more than 670,000 blocked requests per second. Google reportedly sees approximately 63,000 search queries per second, so the number of attacks we mitigated during this period was more than 10x Google’s entire search volume.

A month later, over the weekend of May 30/31, Cloudflare blocked 135,535,554,303 cyberattack HTTP requests. That represents a month-on-month increase of 17%: an extra 19,218,206,962 (19 billion) cyberattack HTTP requests were blocked (an extra 110,000 blocked requests per second).

Cyberattacks since the murder of George Floyd

Sunday, May 31 had the largest increase with 26% more cyberattacks than the same Sunday a month prior.

Digging into the categories of Internet properties that were attacked, we see a striking difference between the two weekends in April and May. The category with the biggest increase in cyberattacks was Advocacy Groups with a staggering increase of 1,120x.

Cyberattacks since the murder of George Floyd

In fact, those groups went from having almost no attacks at all in April, to attacks peaking at 20 thousand requests per second on a single site.

One particular attacker, likely using a hacked server in France, was especially persistent and kept up an attack continuously hitting an advocacy group continuously for over a day. We blocked those malicious HTTP requests and kept the site online.

Cyberattacks since the murder of George Floyd

We’ve also seen cyberattacks against other categories of Internet property change significantly between April and May. Attacks on Government websites (including police and fire departments) are up 1.8x and attacks on Military websites are up 3.8x month on month.

Since the murder of George Floyd there’s also been a large increase in attacks on US government web sites.

Cyberattacks since the murder of George Floyd

Project Galileo

Nearly six years ago, Cloudflare founded Project Galileo because we noticed a disturbing trend of disproportionate attacks against at-risk organizations and individuals that were advocating for marginalized groups. Project Galileo was set up to provide protection from cyberattacks for vulnerable targets, like artistic groups, humanitarian organizations, and the voices of political dissent. In our six years of protecting organizations under Project Galileo, we have often seen online attacks used in combination with physical violence and threats.

There are many organizations fighting racism who participate in Project Galileo. Over the last week we’ve seen a dramatic increase in the number of cyberattacks against them.

Cyberattacks since the murder of George Floyd

The whole Cloudflare community is deeply disturbed by the murder of George Floyd, and the shocking images of racial injustice playing out in our cities. We have been listening carefully to those who have taken to the streets in protest to demand justice and an end to structural racism, and believe that their powerful stories can serve as catalysts for real change. But that requires them to be heard. Unfortunately, if recent history is any guide, those who speak out against oppression will continue to face cyberattacks that attempt to silence them.

Cloudflare remains committed to making sure that they can continue to function in the face of these attacks, regardless of their resources or the size of the attack. If you know of an organization or group helping to fight racism that needs Project Galileo’s protection, please let them know we’re here and ready to help.

Helping with COVID-19 Projects: Cloudflare Workers now free through Project Galileo

Post Syndicated from Rita Kozlov original https://blog.cloudflare.com/helping-with-covid-19-projects-cloudflare-workers-now-free-through-project-galileo/

Helping with COVID-19 Projects: Cloudflare Workers now free through Project Galileo

Helping with COVID-19 Projects: Cloudflare Workers now free through Project Galileo

The Internet has been vital to our response to the COVID-19 crisis: enabling researchers to communicate with the rest of the world, connecting resources with people who need them, and sharing data about the spread.

It’s been amazing to see some of the projects people have stood up on Cloudflare Workers to assist during this crisis. Workers allows you to get set up in minutes, it’s fast and scalable out of the box, and there’s no infrastructure to maintain or scale, which is great if you want to create a project quickly.

To support critical web projects that help in the fight against the COVID-19 pandemic, we’re giving free access to our Cloudflare Workers compute platform through Project Galileo. We believe sites, apps, APIs, and tools that can help people with COVID-19 are exactly the type of critically important projects that Project Galileo was designed to support.    

Free Cloudflare Workers

One of the earliest impacts of the COVID-19 crisis was the switch that many organizations made to a fully remote model. As that happened, and we realized that many organization’s VPNs were not up to the task of scaling to support this increased load, Cloudflare made Cloudflare for Teams free through at least September 1, 2020.

If you’re working on a COVID-19 related project, follow the Project Galileo link and submit a request — we’ll get back to you as quickly as we can. And if you’re interested in getting started with Workers, there are some links at the bottom of the post that will help.

Example Projects

Amidst all the devastating news, it’s been really inspiring to see  developers jump in and build tools to help the public through the pandemic. We are excited to share a few of the stories they’ve shared with us.

API-COVID19-In

API-COVID-19-In, built by Amod Malviya, is an API for tracking COVID-19 cases in India, sourced from The Ministry of Health and Family Welfare and separately from unofficial sources.

“I created api-covid19-in to make it easier for people working all over India to contribute to fighting this situation — be it by creating mass transparency (the aggregate data API), or detecting patterns (the crowd sourced patient data API), or planning (hospital beds API)”.

Why Workers?

  • Very simple to be up & running. From the first code being written, to being up and running happened in less than an hour.
  • Better than the alternatives of maintaining an Origin (higher cost), or exposing it via Github pages (can’t do compute on every call).
  • Not having to be worried about scaling or performance.

MakeFaceMasks

A few weeks ago, a Belgian grassroots movement of makers started to brainstorm on how they can fight the COVID-19 crisis. One of the projects is MakeFaceMasks. They have created a DIY manual to sew masks, which has been approved by the Belgian Government.

Why Workers?

  • We could automate our development/translation flow. This allowed us to quickly generate translated versions of the website.
  • Websites are deployed automatically with Github Actions.
  • Handle the load: the day we launched we immediately attracted 100,000 unique visitors with any downtime.

Mask A Hero NY

Mask a Hero NY is a volunteer-run site that matches medical professionals that need Personal Protective Equipment (PPE) during the COVID-19 pandemic with people that can donate it.

“We launched it about 2 weeks ago. The COVID-19 situation in New York is very worrying. My friends that are doctors are doing everything they can to help and they saw a lot of people on Facebook groups offering to donate small amounts of PPE, but it was hard for these people to know where it was needed the most and coordinate pickups. So my friends reached out to me to see if I could help. I pulled in my colleague MJ, and we designed and built the site in about 2 days.

The site has been a big success so far. It has facilitated over 27,000 mask donations already with a lot more to come this week. It’s been featured on NBC News, CBS, MSNBC, on Katie Couric’s social media and newsletter, some NY-area newspapers, and more. That matters because each feature has been followed by an increase in donation submissions. The site has facilitated donations to a variety of large and small hospitals and medical departments that are feeling the strain during this time. We’re really proud of the impact so far but want to do even more to help these medical professionals.”

Why Workers?

“When we built the site, we wanted the absolute easiest and most straightforward tech stack. It’s a 4-page site with no dynamic information. A static site generator was the obvious choice, so I chose Jekyll. Then for hosting, the last thing I want to deal with on a static site is complex server configuration and uptime. Workers Sites is super easy to deploy – I just run wrangler publish after a Jekyll build. Workers Sites handles cache breaking and has Cloudflare’s caching built-in. Most importantly, I don’t have to worry about the site going down. We’ve seen big traffic spikes after being featured in the media. The site has never gotten slower and I don’t have to worry. Cloudflare Workers Sites lets us concentrate on helping the people that need it instead of spending time managing hosting.”

CovidTracking API

The COVID Tracking Project collects and publishes the most complete testing data available for US states and territories. The project emerged from a tweet of a Google Sheets spreadsheet, where someone was keeping tabs on the testing from each state.

“I had been making something similar but Jeff Hammerbacher had a more complete version. After Jeff combined forces with Alexis Madrigal I thought it best to use the data they had. Since we’ve used Google Sheets to power websites in the past I thought I should spin up a quick service that fetches the sheet data from Google and make it available as JSON for people to use.”  

Why Workers?

“Google often requires an API key or has some strange formatting. I just wanted an array of values that reflected the sheet rows. No long complicated URL. I picked Cloudflare Workers because it works really well as a serverless proxy.

At first the Worker was just a simple proxy, making an API request for every Worker request. Then I added cf: { cacheEverything: true, cacheTtl: 120 } to the fetch() options so Cloudflare could cache the fetch result. Caching the source is great but still requires having to decode, modify and serialize on every request. Some endpoints requested XML from AWS. Since it takes some time to parse really big XML strings we started seeing errors that the process was taking longer than 50ms CPU time. Cloudflare had to (generously) increase our limits to keep things running smoothly.

Not wanting consumers of our API to be kept waiting while the servers crunched the data on every request we started using Cloudflare Key Value storage for saving the parsed and serialized result. We put a TTL limit (like an hour) on every file saved to the KV store. On a new request we return the previous generated result from the cache first and then lookup the TTL of the item and if it’s more than 5 minutes old we make a new request and save it to the cache for next time. This way the user gets a fast result before we update an entry. If no user makes a request for an hour the cached item expires and the next request has to wait for a full process before response but that doesn’t happen for the popular endpoint/query options.”

Get Started

If you’re building a resource to help others cope with COVID-19, and getting started with Workers, below are a few resources to get you started:

  • Workers Sites: allows you to deploy your static site directly to Cloudflare’s network, with a few simple commands. Get started with our tutorial, or video.
  • Tutorials: check out our tutorials to get started with Workers. We’ve highlighted a couple below that we think might be especially useful to you:
  • Localize a website: make your website accessible to an even greater audience by translating it to other languages.
  • Chat bot: with more people using chat for remote communication, chat bots can be a great way to make information more easily accessible at the public’s fingertips.
  • Template gallery: our template gallery is designed to help you build with Workers by providing building blocks such as code snippets and boilerplate. For example, if you are writing an API, we suggest getting started using our Apollo GraphQL server boilerplate.
  • HTMLRewriter API: the HTMLRewriter is a streaming HTML parser with an easy to use selector based JavaScript API for DOM manipulation, available in the Cloudflare Workers runtime. With so much disparate information on the web, many services that provide data about COVID-19 rely on scraping and aggregating data from multiple sources. See an example of the HTMLRewriter in action here to learn how you can use it to extract information from the web.
  • Want to help, but not sure what to build? Our Built with Workers gallery features projects utilizing Workers today to give you an idea of the possibilities of what you can build with Workers.

Project Galileo: the view from the front lines

Post Syndicated from Erin Walk original https://blog.cloudflare.com/project-galileo-the-view-from-the-front-lines/

Project Galileo: the view from the front lines

Growing up in the age of technology has made it too easy for me to take the presence of the Internet for granted. It’s hard to imagine not being able to go online and connect with anyone in the world, whether I’m speaking with family members or following activists planning global rallies in support of a common cause. I find that as I forget the wonder of being connected, I become jaded. I imagine that many of you reading this blog feel the same way. I doubt you have gone a month, or even a week, this year without considering that the world might be better off without the Internet, or without parts of the Internet, or that your life would be better with a digital cleanse. Project Galileo is my antidote. For every person online who abuses their anonymity, there is an organization that literally could not fulfill their purpose without it. And they are doing amazing work.

Project Galileo: the view from the front lines

Working with Participants

As program manager for Project Galileo, Cloudflare’s initiative to provide free services to vulnerable voices on the Internet, a large portion of my time is spent interacting with the project’s participants and partners. This includes a variety of activities. In my organizational role, I reach out to our partnering organizations, such as the National Democratic Institute and the Center for Democracy and Technology, about sponsoring new recipients. I also help recipients onboard their websites and technically explain our product and how it works. Answering emails from Project Galileo recipients is my favorite part of every day. I can still remember when the sense of wonder truly set in. A few weeks into my time at Cloudflare, I received a request from a local community healthcare clinic that was under attack. I was new, I didn’t have all the permissions I have now, and I didn’t fully understand how all of our systems worked (I still don’t, but I’m much better at figuring out who does). I started reaching out to other teams, all of whom eagerly volunteered their time. Within a few hours, a website that had been down for a week was back up, and best practices were being discussed to help them stay online in the future.

About a week later I received a wonderful thank you message from the group, and made sure I sent it to those who had helped out and were invested. I treasure these little reminders in my day that what I’m doing makes a difference. In fact, I frequently question my luck in receiving all the praise for a project that functions thanks to the work of countless engineers, and other teams, who work tirelessly to make our product better. I try to find ways to pass these small moments on.

It makes me laugh when participants who joined while I’ve been working on the project email me with an introduction along the lines of “I don’t know if you remember us, but…”. It makes sense, in the abstract. I receive a lot of emails, and around half of all recipients have joined since I started organizing the project. Still, I remember almost everyone who I’ve written to. How could I forget the person who signed off all their emails with something joyful they were doing at the moment, or the one who told me that they had finally made it through a week without their website going down? In many ways, on Project Galileo I interact less with organizations and more with a set of extremely passionate people. The purpose and drive of these individuals infect me with a sense of wonder and excitement, even when our only communications are virtual.

Project Galileo: the view from the front lines
Project Galileo partners

Internal Commitment

Project Galileo doesn’t just bring out the best of the Internet through our recipients, it also brings out the best in Cloudflare. Working on Project Galileo has given me a lot of leeway to explore all aspects of the company. We don’t have a large team in DC, and most of us are on the Policy team. To do my job, I rely on being able to contact teams globally, from Support to Trust and Safety to Solutions Engineering. I’ve chatted with Support team members at 2am to fix an emergency situation, and had a Solutions Engineer on call from 11pm to 1am on a Friday night to support an organization during an event. Even when frustrating or anxiety provoking, these times make me proud to work for an organization that not only vocally supports this project, but whose members commit their time to it despite competing priorities.

At risk of being overly grandiose, there are a lot of hopes and dreams tied up in Project Galileo. There is the dream that the Internet is a place for vulnerable voices, no matter how small, to advocate for change. There is the dream that companies will use their products to help deserving groups who may not otherwise be able to afford them. As for me, I hope that every day I do something that makes the world a little better. It is an honor to carry these hopes and dreams within the company, and I strive to be a good steward.

Happy 5th Birthday, Project Galileo! Here’s to many more.

Project Galileo: the view from the front lines

Protecting Project Galileo websites from HTTP attacks

Post Syndicated from Maxime Guerreiro original https://blog.cloudflare.com/protecting-galileo-websites/

Protecting Project Galileo websites from HTTP attacks

Yesterday, we celebrated the fifth anniversary of Project Galileo. More than 550 websites are part of this program, and they have something in common: each and every one of them has been subject to attacks in the last month. In this blog post, we will look at the security events we observed between the 23 April 2019 and 23 May 2019.

Project Galileo sites are protected by the Cloudflare Firewall and Advanced DDoS Protection which contain a number of features that can be used to detect and mitigate different types of attack and suspicious traffic. The following table shows how each of these features contributed to the protection of sites on Project Galileo.

Firewall Feature

Requests Mitigated

Distinct originating IPs

Sites Affected (approx.)

Firewall
Rules

78.7M

396.5K

~ 30

Security
Level

41.7M

1.8M

~ 520

Access
Rules

24.0M

386.9K

~ 200

Browser
Integrity Check

9.4M

32.2K

~ 500

WAF

4.5M

163.8K

~ 200

User-Agent
Blocking

2.3M

1.3K

~ 15

Hotlink
Protection

2.0M

686.7K

~ 40

HTTP
DoS

1.6M

360

1

Rate
Limit

623.5K

6.6K

~ 15

Zone
Lockdown

9.7K

2.8K

~ 10

WAF (Web Application Firewall)

Although not the most impressive in terms of blocked requests, the WAF is the most interesting as it identifies and blocks malicious requests, based on heuristics and rules that are the result of seeing attacks across all of our customers and learning from those. The WAF is available to all of our paying customers, protecting them against 0-days, SQL/XSS exploits and more. For the Project Galileo customers the WAF rules blocked more than 4.5 million requests in the month that we looked at, matching over 130 WAF rules and approximately 150k requests per day.

Protecting Project Galileo websites from HTTP attacks
Heat map showing the attacks seen on customer sites (rows) per day (columns)

This heat map may initially appear confusing but reading one is easy once you know what to expect so bear with us! It is a table where each line is a website on Project Galileo and each column is a day. The color represents the number of requests triggering WAF rules – on a scale from 0 (white) to a lot (dark red). The darker the cell, the more requests were blocked on this day.

We observe malicious traffic on a daily basis for most websites we protect. The average Project Galileo site saw malicious traffic for 27 days in the 1 month observed, and for almost 60% of the sites we noticed daily events.

Fortunately, the vast majority of websites only receive a few malicious requests per day, likely from automated scanners. In some cases, we notice a net increase in attacks against some websites – and a few websites are under a constant influx of attacks.

Protecting Project Galileo websites from HTTP attacks
Heat map showing the attacks blocked for each WAF rule (rows) per day (columns)

This heat map shows the WAF rules that blocked requests by day. At first, it seems some rules are useless as they never match malicious requests, but this plot makes it obvious that some attack vectors become active all of a sudden (isolated dark cells). This is especially true for 0-days, malicious traffic starts once an exploit is published and is very active on the first few days. The dark active lines are the most common malicious requests, and these WAF rules protect against things like XSS and SQL injection attacks.

DoS (Denial of Service)

A DoS attack prevents legitimate visitors from accessing a website by flooding it with bad traffic.  Due to the way Cloudflare works, websites protected by Cloudflare are immune to many DoS vectors, out of the box. We block layer 3 and 4 attacks, which includes SYN floods and UDP amplifications. DNS nameservers, often described as the Internet’s phone book, are fully managed by Cloudflare, and protected – visitors know how to reach the websites.

Protecting Project Galileo websites from HTTP attacks
Line plot – requests per second to a website under DoS attack

Can you spot the attack?

As for layer 7 attacks (for instance, HTTP floods), we rely on Gatebot, an automated tool to detect, analyse and block DoS attacks, so you can sleep. The graph shows the requests per second we received on a zone, and whether or not it reached the origin server. As you can see, the bad traffic was identified automatically by Gatebot, and more than 1.6 million requests were blocked as a result.

Firewall Rules

For websites with specific requirements we provide tools to allow customers to block traffic to precisely fit their needs. Customers can easily implement complex logic using Firewall Rules to filter out specific chunks of traffic, block IPs / Networks / Countries using Access Rules and Project Galileo sites have done just that. Let’s see a few examples.

Firewall Rules allows website owners to challenge or block as much or as little traffic as they desire, and this can be done as a surgical tool “block just this request” or as a general tool “challenge every request”.

For instance, a well-known website used Firewall Rules to prevent twenty IPs from fetching specific pages. 3 of these IPs were then used to send a total of 4.5 million requests over a short period of time, and the following chart shows the requests seen for this website. When this happened Cloudflare, mitigated the traffic ensuring that the website remains available.

Protecting Project Galileo websites from HTTP attacks
Cumulative line plot. Requests per second to a website

Another website, built with WordPress, is using Cloudflare to cache their webpages. As POST requests are not cacheable, they always hit the origin machine and increase load on the origin server – that’s why this website is using firewall rules to block POST requests, except on their administration backend. Smart!

Website owners can also deny or challenge requests based on the visitor’s IP address, Autonomous System Number (ASN) or Country. Dubbed Access Rules, it is enforced on all pages of a website – hassle-free.

For example, a news website is using Cloudflare’s Access Rules to challenge visitors from countries outside of their geographic region who are accessing their website. We enforce the rules globally even for cached resources, and take care of GeoIP database updates for them, so they don’t have to.

The Zone Lockdown utility restricts a specific URL to specific IP addresses. This is useful to protect an internal but public path being accessed by external IP addresses. A non-profit based in the United Kingdom is using Zone Lockdown to restrict access to their WordPress’ admin panel and login page, hardening their website without relying on non official plugins. Although it does not prevent very sophisticated attacks, it shields them against automated attacks and phishing attempts – as even if their credentials are stolen, they can’t be used as easily.

Rate Limiting

Cloudflare acts as a CDN, caching resources and happily serving them, reducing bandwidth used by the origin server … and indirectly the costs. Unfortunately, not all requests can be cached and some requests are very expensive to handle. Malicious users may abuse this to increase load on the server, and website owners can rely on our Rate Limit to help them: they define thresholds, expressed in requests over a time span, and we make sure to enforce this threshold. A non-profit fighting against poverty relies on rate limits to protect their donation page, and we are glad to help!

Security Level

Last but not least, one of Cloudflare’s greatest assets is our threat intelligence. With such a wide lens of the threat landscape, Cloudflare uses our Firewall data, combined with machine learning to curate our IP Reputation databases. This data is provided to all Cloudflare customers, and is configured through our Security Level feature. Customers then may define their threshold sensitivity, ranging  from Essentially Off to I’m Under Attack. For every incoming request, we ask visitors to complete a challenge if the score is above a customer defined threshold. This system alone is responsible for 25% of the requests we mitigated: it’s extremely easy to use, and it constantly learns from the other protections.

Conclusion

When taken together, the Cloudflare Firewall features provide our Project Galileo customers comprehensive and effective security that enables them to ensure their important work is available. The majority of security events were handled automatically, and this is our strength – security that is always on, always available, always learning.

Project Galileo: Lessons from 5 years of protecting the most vulnerable online

Post Syndicated from Matthew Prince original https://blog.cloudflare.com/project-galileo-fifth-anniversary/

Project Galileo: Lessons from 5 years of protecting the most vulnerable online

Today is the 5th anniversary of Cloudflare’s Project Galileo. Through the Project, Cloudflare protects—at no cost—nearly 600 organizations around the world engaged in some of the most politically and artistically important work online. Because of their work, these organizations are attacked frequently, often with some of the fiercest cyber attacks we’ve seen.

Project Galileo: Lessons from 5 years of protecting the most vulnerable online

Since it launched in 2014, we haven’t talked about Galileo much externally because we worry that drawing more attention to these organizations may put them at increased risk. Internally, however, it’s a source of pride for our whole team and is something we dedicate significant resources to. And, for me personally, many of the moments that mark my most meaningful accomplishments were born from our work protecting Project Galileo recipients.

The promise of Project Galileo is simple: Cloudflare will provide our full set of security services to any politically or artistically important organizations at no cost so long as they are either non-profits or small commercial entities. I’m still on the distribution list that receives an email whenever someone applies to be a Project Galileo participant, and those emails remain the first I open every morning.

Project Galileo: Lessons from 5 years of protecting the most vulnerable online

The Project Galileo Backstory

Five years ago, Project Galileo was born out of a mistake we made. At the time, Cloudflare’s free service didn’t include DDoS mitigation. If a free customer came under attack, our operations team would generally stop proxying their traffic. We did this to protect our own network, which was much smaller than it is today.

Usually this wasn’t a problem. Most sites that got attacked at the time were companies or businesses that could pay for our services.

Every morning I’d receive a report of the sites that were kicked off Cloudflare the night before. One morning in late February 2014 I was reading the report as I walked to work. One of the sites listed as having been dropped stood out as familiar but I couldn’t place it.

I tried to pull up the site on my phone but it was offline, presumably because we were no longer shielding the site from attack. Still curious, I did a quick search and found a Wikipedia page describing the site. It was an independent newspaper in Ukraine and had been covering the ongoing Russian invasion of Crimea.

I felt sick.

When Nation States Attack

What we later learned was that this publication had come under a significant attack, most likely directly from the Russian government. The newspaper had turned to Cloudflare for protection. Their IT director actually tried to pay for our higher tier of service but the bank tied to the publication’s credit card had had its systems disrupted by a cyber attack as well and the payment failed. So they’d signed up for the free version of Cloudflare and, for a while, we mitigated the attack.

The attack was large enough that it triggered an alert in our Network Operations Center (NOC). A member of our Systems Reliability Engineering (SRE) team who was on call investigated and found a free customer being pummeled by a major attack. He followed our run book and triggered a FINT — which stands for “Fail Internal” — directing traffic from the site directly back to its origin rather than passing through Cloudflare’s protective edge. Instantly the site was overwhelmed by the attack and, effectively, fell off the Internet.

Broken Process

I should be clear: the SRE didn’t do anything wrong. He followed the procedures we had established at the time exactly. He was a great computer scientist, but not a political scientist, so didn’t recognize the site or understand its importance due to the situation at the time in Crimea and why a newspaper covering it may come under attack. But, the next morning, as I read the report on my walk in to work, I did.

Cloudflare’s mission is to help build a better Internet. That day we failed to live up to that mission. I knew we had to do something.

Politically or Artistically Important?

It was relatively easy for us to decide to provide Cloudflare’s security services for free to politically or artistically important non-profits and small commercial entities. We were confident that we could stand up to even the largest attacks. What we were less confident about was our ability to determine who was “politically or artistically important.”

While Cloudflare runs infrastructure all around the world, our team is largely based in San Francisco, Austin, London, and Singapore. That certainly gives us a viewpoint, but it isn’t a particularly globally representative viewpoint. We’re also a very technical organization. If we surveyed our team to determine what organizations deserved protection we’d no-doubt identify a number of worthy organizations that were close to home and close to our interests, but we’d miss many others.

We also worried that it was dangerous for an infrastructure provider like Cloudflare to start making decisions about what content was “good.” Doing so inherently would imply that we were in a position to make decisions about what content was “bad.” While moderating content and curating communities is appropriate for some more visible platforms, the deeper you go into Internet infrastructure, the less transparent, accountable, and consistent those decisions inherently become.

Turning to the Experts

So, rather than making the determination of who was politically or artistically important ourselves, we turned to civil society organizations that were experts in exactly that. Initially, we partnered with 15 organizations, including:

  • Access Now
  • American Civil Liberties Union (ACLU)
  • Center for Democracy and Technology (CDT)
  • Centre for Policy Alternatives
  • Committee to Protect Journalists (CPJ)
  • Electronic Frontier Foundation (EFF)
  • Engine Advocacy
  • Freedom of the Press Foundation
  • Meedan
  • Mozilla
  • Open Tech Fund
  • Open Technology Institute

We agreed that if any partner said that a non-profit or small commercial entity that applied for protection was “politically or artistically important” then we would extend our security services and protect them, no matter what.

With that, Project Galileo was born. Nearly 600 organizations are currently being protected under Project Galileo. We’ve never removed an organization from protection in spite of occasional political pressure as well as frequent extremely large attacks.

Organizations can apply directly through Cloudflare for Project Galileo protection or can be referred by a partner. Today, we’ve grown the list of partners to 28, adding:

  • Anti-Defamation League
  • Amnesty International
  • Business & Human Rights Resource Centre
  • Council of Europe
  • Derechos Digitales
  • Fourth Estate
  • Frontline Defenders
  • Institute for War & Peace Reporting (IWPR)
  • LION Publishers
  • National Democratic Institute (NDI)
  • Reporters Sans Frontières
  • Social Media Exchange (SMEX)
  • Sontusdatos.org
  • Tech Against Terrorism
  • World Wide Web Foundation
  • X-Lab

Cloudflare’s Mission: Help Build a Better Internet

Some companies start with a mission. Cloudflare was not one of those companies. When Michelle, Lee, and I started building Cloudflare it was because we thought we’d identified a significant business opportunity. Truth be told, I thought the idea of being “mission driven” was kind of hokum.

I clearly remember the day that changed for me. The director of one of the Project Galileo partners called me to say that he had three journalists who had received protection under Project Galileo that were visiting San Francisco and asked if it would be okay to bring them by our office. I said sure and carved out a bit of time to meet with them.

The three journalists turned out to all be covering alleged government corruption in their home countries. One was from Angola, one was from Ethiopia, and they wouldn’t tell me the name or home country of the third because he was “currently being hunted by death squads.” All three of them hugged me. One had tears in his eyes. And then they proceeded to tell me about how they couldn’t do their work as journalists without Cloudflare’s protection.

There are incredibly brave people doing important work and risking their lives around the world. Some of them use the Internet to reach their audience. Whether it’s African journalists covering alleged government corruption, LGBTQ communities in the Middle East providing support, or human rights workers in repressive regimes, unfortunately they all face the risk that the powerful forces that oppose them will use cyber attacks to silence them.

I’m proud of the work we’ve done through Project Galileo over the last five years lending the full weight of Cloudflare to protect these politically and artistically important organizations. It has defined our mission to help build a better Internet.

While we respect the confidentiality of the organizations that receive support under the Project, I’m thankful that a handful have allowed us to tell their stories. I encourage you to read about our newest recipients of the Project:

And, finally, if you know of an organization that needs Project Galileo’s protection, please let them know we’re here and happy to help.

Project Galileo: Lessons from 5 years of protecting the most vulnerable online