Hacker News
by px43 1371 days ago
Cloudflare recently hijacked the domain of one of their customers (RaidForums), then cloned the RaidForums login page, and ran a phishing campaign at the behest of the FBI for two weeks.

I understand that you have to comply with law enforcement, but actively attacking the users of one of your customer's websites is super rude.

3 comments

This is a pretty wild mischaracterization. "I can't believe they let the FBI tell them what to do" is an incredibly bad take.
It is a problem when you centralize the Internet like this though.

The more of the Internet you've got running through your service, the more appealing a target you are for not only domestic government pressure, but attempts from foreign state actors to compromise the service (through not only hacking, but espionage and blackmail as well).

It's not great.

I'm no fan of centralization but if you think that it makes any difference to the FBI, you're mistaken. The tiniest providers are obligated to do the exact same thing. This has nothing to do with domestic pressure.
When the FBI asked Apple to build tools to attack customers, Apple said no. Cloudflare could have just dropped RaidForums as a customer, but they went the extra mile and built tools to facilitate an attack of RF users.
I did a bit of reading on this, and it looks like the main admin was arrested weeks before the phishing campaign went up.

It seems therefore entirely plausible that the admin handed the keys to the castle to the FBI anyway, or at least gave Cloudflare the okay to go ahead.

I can't find a shred of evidence that Cloudflare were involved directly in making the phishing page or even complying with the FBI.

Please, where can I read about that? I need it to back my point why putting too much trust into CF is not good.
It's all this: https://www.bleepingcomputer.com/news/security/raidforums-ha...

Also I feel like Raid Forums is a bit mis-characterized in the article. It was largely a forum for people who collect OSINT about breached websites, not really a market place, and in the years that I spent there, I never saw people selling actual carding details, like they claim in the article. I used it regularly for my day job.

Thanks!