Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Cloud The Internet Technology

Cloudflare Under Fire For Allegedly Providing DDoS Protection For Terrorist Websites 98

Cloudflare is facing accusations that it's providing cybersecurity protection for at least seven terrorist organizations. "On Friday, HuffPost reported that it has reviewed numerous websites run by terrorist organizations and confirmed with four national security and counter-extremism experts that the sites are under the protection of Cloudflare's cybersecurity services," reports Gizmodo.

"Among Cloudflare's millions of customers are several groups that are on the State Department's list of foreign terrorist organizations, including al-Shabab, the Popular Front for the Liberation of Palestine, al-Quds Brigades, the Kurdistan Workers' Party (PKK), al-Aqsa Martyrs Brigade and Hamas -- as well as the Taliban, which, like the other groups, is sanctioned by the Treasury Department's Office of Foreign Assets Control (OFAC)," reports HuffPost.

"In the United States, it's a crime to knowingly provide tangible or intangible 'material support -- including communications equipment -- to a designated foreign terrorist organization or to provide service to an OFAC-sanctioned entity without special permission," the report continues. "Cloudflare, which is not authorized by the OFAC to do business with such organizations, has been informed on multiple occasions, dating back to at least 2012, that it is shielding terrorist groups behind its network, and it continues to do so." Gizmodo reports: The issue that HuffPost raises is whether Cloudflare is providing "material support" to sanctioned organizations. Some attorneys told HuffPost that it may be in violation of the law. Others, like the Electronic Frontier Foundation, argue that "material support" can and has been abused to silence speech. Cloudflare's general counsel, Doug Kramer, told Gizmodo over the phone that the company works closely with the U.S. government to ensure that it meets all of its legal obligations. He said that it is "proactive to screen for sanctioned groups and reactive to respond when its made aware of a sanctioned group" to which it may be providing services. HuffPost spoke with representatives from the Counter Extremism Project, who expressed frustration that they've sent four letters to Cloudflare over the last two years identifying seven terrorist-operated sites without receiving a reply. Kramer would not address any specific customers or situations when speaking with Gizmodo. He said that's simply company policy for reasons of protecting privacy.
This discussion has been archived. No new comments can be posted.

Cloudflare Under Fire For Allegedly Providing DDoS Protection For Terrorist Websites

Comments Filter:
  • by Anonymous Coward

    I think I would prefer steps being taken to protect me from groups like the "Counter Extremism Project" than any of the groups on that list (as awful as some of them are).

  • by vinn01 ( 178295 ) on Friday December 14, 2018 @09:09PM (#57806622)

    I know something of OFAC. They are not nice, friendly, people. If they actually had a solid case they would be coming down on Cloudflare like a ton of bricks. The fact that they are whining in letters and not prosecuting means they have no case.

    It's not just providing material support, just doing business with anyone on OFAC's list of Specially Designated Nationals (SDN) is a felony. The way the law is written, if anyone sells anything to a person who's on the SDN list, as much as a sandwich or a bottle of water, that's "doing business" and therefore a felony.

    OFAC actually has the fantasy that all businesses in the US will check the ID of every customer and then check the SDN database against the customer's name before doing business with them. Nevermind that there are plenty of people in the world with the same names. And nevermind that it would take 15 minutes to buy a sandwich.

    • by bill_mcgonigle ( 4333 ) * on Friday December 14, 2018 @10:32PM (#57806784) Homepage Journal

      They don't care if you sold a sandwich. They do care that if you become politically inconvenient later on they can get you off to prison for having sold that sandwich within the statute of limitations.

    • They may very well not have a legal case. Instead they want to use the court of public opinion. Being a government agency, they can slander all they want and get off with a "my bad".

      • Re: (Score:2, Insightful)

        by rtb61 ( 674572 )

        How about we just express the reality.
        US CIA/NSA - "Fuck you Cloudflare, you are stopping us from attacking these countries, fuck off already."
        Cloudflare - "Fuck off CIA/NSA if we don't do it someone else will, do you want us to pay fucking taxes or not, you guys so full of shit."

        The reason the US government does not want international treaties with regard to internet security, so it can continue to attack every single fucking country across the entire globe, is has not even signed internet no attack treat

    • Without commenting on the people of OFAC, taking Noam Chomsky's explanation of standing for freedom of speech precisely for views one doesn't like (seen in context in the movie Manufacturing Consent [archive.org] where Chomsky defends Robert Faurrison's freedom of speech while not supporting his thesis—the segment begins around 2h24m21s and Chomsky's concise response about freedom of speech to a questioner is at 2h10m52s), I'm reminded that Cloudflare is the organization that also switched from a position that was

    • Comment removed (Score:4, Interesting)

      by account_deleted ( 4530225 ) on Saturday December 15, 2018 @05:46AM (#57807610)
      Comment removed based on user account deletion
      • by c ( 8461 )

        My money is on Cloudflare keeping those sites up because someone in the SIGINT community sent them a notice informing them and saying "please keep them up and send us logs, k thx."

        Or, just as likely, the government hasn't explicitly ordered them to take them down and Cloudflare's default is to not act until someone with authority tells them they have to. Neither HuffPost nor the Counter Extremism Project are US government agencies and don't get to legally tell anyone to take down anything. I'd ignore them t

      • It's HuffPo.

        Yeah. My default stance is that whatever position they take, mine is 180 degrees (F or C?) off theirs. For a second there I was worried.

    • by AmiMoJo ( 196126 )

      Looking at the list it does seem a bit much. conservative-headlines.com is just a bunch of links to shitty YouTube channels. Hamas.ps doesn't look particularly bad either, probably no worse than typical western political/military hero memorial sites.

      Seems like the legal bar needs to be set much higher.

  • Whatever (Score:2, Insightful)

    Where does this end exactly ?

    Cloudflare
    The ISP that gets them online
    The guy who sold the computer
    The one who made the website
    Electricity provider to power it all

    Canâ(TM)t go after the one without going after them all . . . .

    Besides, the USG basically defines terrorist as anyone who they donâ(TM)t see eye to eye with. That list changes on a daily basis depending on who they are bombing on amy given day.

  • A nation state that cant cover the banDNWIDTH?
  • for collecting info?

  • ... again.

    They should just change their name to "Cloudflare Under Fire."

  • Am I a terrorist supporter?

    I read some idiotic answers here, am i an idiot?
    (Sure, I am).

  • Patreon often blocks even moderate conservatives from using their service.

    But Patreon proudly allows the funding for violent leftist groups.

    >>
    WHAT?! Antifa Groups Are Using Patreon To Fund Violent ‘Insurrection’ Against America

    https://bigleaguepolitics.com/what-antifa-groups-using-patreon-to-fund-violent-insurrection-against-america/

  • In an update to the story both the HuffPost and Gizmodo have both found themselves under investigation by OFAC for bringing the publics attention to these terrorist organizations and their websites.

  • Cloudflare has been informed on multiple occasions

    So if I send an email to huffpost saying their editor is a bogeyman, "they were informed" and need to take down all his/her content, regardless of the authenticity of my informing.

    If "regardless" is wrong, I'd like to know what measures of regard are required before a rando's email is established as proof of intent.

    Required and ignored, in huffpost's accusation.

"A mind is a terrible thing to have leaking out your ears." -- The League of Sadistic Telepaths

Working...