Project Galileo now protects 2,600+ public interest organizations in 111 countries for free, against about 96 million DDoS attacks every day
Cloudflare, Inc., celebrates the tenth anniversary of Project Galileo, a free offering to protect at-risk public interest groups from distributed denial-of-service (DDoS) attacks and keep them online. These vulnerable targets can include minority rights organizations, human rights defenders, independent journalists, and democracy protection programs. To mark the anniversary, Cloudflare is offering a look at the program’s momentum, statistics, and growing recipient base.
As part of Cloudflare’s mission to help build a better Internet, Project Galileo aims to protect free expression online by offering cybersecurity services like unmetered DDoS protection at no cost. Project Galileo was founded in 2014 after Cloudflare witnessed journalism and nonprofit sites being targeted by very large DDoS attacks. Such attacks flood sites with malicious requests with the intention of knocking them offline, with millions or billions of requests over a very short period of time. For organizations with small staff and budgets, these attacks often take down the site and prevent those in need from accessing the important work and services these organizations aim to provide.
“Part of protecting the free and open Internet means making sure that civil society and political opposition around the world are not forced offline simply for speaking out or challenging those in power. Cloudflare is often the only defense standing between these vulnerable humanitarian, human rights, and journalism groups, and the people who want to take them down,” said Matthew Prince, co-founder and CEO, Cloudflare. “To see this problem ten years ago, and to be in a position to help, has been one of our company’s most important projects, particularly for our employees, who are always willing to make time to onboard and assist new organizations. This is part of our mission to help build a better Internet.”
Cybersecurity Threats are an Ongoing Challenge for At-Risk Groups
Between May 1, 2023, and March 31, 2024, Cloudflare mitigated 31.93 billion cyber threats against organizations protected under Project Galileo. This is an average of nearly 95.89 million cyber threats per day over the last 11 months. According to a survey of Project Galileo participants, only 36% of organizations have a dedicated individual that manages cyber security, and 46% of organizations have a limited staff of just 1-10 employees, which means every moment spent combating security threats is time taken away from these organizations’ true missions. Further analysis of attacks on Project Galileo participants showed:
- The largest attack on a Project Galileo organization targeted an independent journalism website: On October 11, 2023, the largest attacks seen against an organization under Project Galileo targeted Meduza, a prominent independent journalism website covering stories in Russia and across the former Soviet Union. The DDoS attack peaked at 7 million requests per second, with an attack duration of 7 minutes. The daily DDoS requests that were mitigated on that day reached 1.9 billion requests.
- Journalists and independent media are the most frequently attacked organizations: Journalists and media organizations were the most attacked category, accounting for 34% of all attacks to the Internet properties protected under the project in the last year, followed by human rights organizations at 17%.
- War-time violence is associated with cyber attacks: Cloudflare has reported patterns of war-time violence accompanied by cyberattacks against Ukrainian organizations, and more recently, organizations connected to Israel and the Palestinian territories. Traffic after October 7, 2023, to Israeli and Palestinian organizations increased, coinciding with the start of the Israel-Hamas conflict. For example, a prominent organization based in the United Kingdom that works to secure Palestinian human rights saw two major attacks. The first, on October 15, 2023, coincided with the national demonstration in London in support of Palestinians and spiked from 0 to 44,500 mitigated requests per second within two minutes. The second, on February 21, 2024, coincided with UK lawmakers calling for a cease-fire, and peaked at 10,500 mitigations that lasted 40 minutes with an average of 6,638 requests per second. Similarly, an organization that manages vital Internet infrastructure in the Middle East, saw two major increases in mitigated traffic — in October, lasting around 2.5 hours and peaking around 78,500 requests per second, and in December, lasting more than 2 hours and averaging 8,600 requests per second throughout that period, reaching as high as 13,830 requests per second.
LGBTQ, Women’s Empowerment Organizations, and More Can Further Their Missions with Cloudflare’s Protection
Awaq ONGD: “Project Galileo’s services are not just integral but absolutely indispensable to our organization’s operations. They go beyond enhancing website performance, security, scalability, and reliability—they are the very backbone that enables us to exist and thrive in the digital world. It not only helps us save on cyber security expenses but also provides us with the financial flexibility to allocate those resources toward our core mission of fighting climate change.” – Nicolás Morgado, Director of Cybersecurity
LGBT Foundation: “Project Galileo has been fundamental when our day to day has so much risk of online threats and attacks – civil rights organizations like ours need support 365 days a year. It is important to note that as a Registered Charity, we’re not massively resourced, so staying online is how we’re able to save lives. The team at Cloudflare and Ave Design Studio that keep us secure and online every single day are the unsung heroes to organizations like ours.” – Matthew Belfield, head of communications and marketing
Tech4Peace: “Without Cloudflare’s protection, our website and app would be vulnerable to attacks, potentially impeding our ability to provide timely and reliable information to those who need it most and hindering our efforts to solve urgent cases via the helpline, especially those relating to journalists, activists, and women facing gender-based violence.” – Aws Al-Saadi, founder and president
UN Women Australia: “Cloudflare and Project Galileo have been amazing, providing us with reliable, reputable, and actionable advice we simply would not have had access to otherwise. Its expertise and strategic advice came at a time we needed it most. The potential impact of the attacks could have been far worse without Cloudflare’s support.” – Simone Clarke, Chief Executive Officer
Cagle Cartoons: “Our servers, sites, and online delivery are protected by Cloudflare through Project Galileo, and we couldn’t be in business without this protection. Our sites and political cartoonists are a target of an astounding amount of hacker attacks.” – Daryl Cagle, Chief Executive Officer
Growing List of Partners Helps to Drive the Program’s Expansion
Cloudflare partners with 54 respected civil society organizations to identify websites eligible for participation in Project Galileo. These groups provide expertise in their areas of influence to ensure applicant organizations are approved in an unbiased and neutral process.
Internet Society, a global charitable organization empowering people to keep the Internet a force for good: “Victims of domestic violence, democracy activists, and journalists can be targeted by very powerful and determined attackers, and have to be especially careful with their digital presence and trail online, lest they be harmed, imprisoned, or killed. We need a diverse group of knowledgeable individuals supporting and advocating for which voices and initiatives deserve a leg up. That’s exactly the aim of programs like Project Galileo.” – Dr. Joseph Hall, distinguished technologist
National Democratic Institute, a nonprofit, nonpartisan organization working to support and strengthen democratic institutions worldwide through citizen participation, openness and accountability in government: “Cloudflare’s Project Galileo stands out to us for its commitment to providing not only free but also easily accessible resources. The project’s user-friendly resource guides, for example, have made it much easier for NDI to introduce concepts like DDoS protection to our diverse range of democracy partners working to protect their operations — especially in the context of elections and other critical political processes.” – Evan Summers, program director for Digital Resilience
NetHope, a global consortium of nonprofits working to effectively address the world’s most pressing challenges through collaboration, collective action and the smarter use of technology: “Our NetHope community and the Global Humanitarian ISAC recognizes that cybersecurity is a team sport, and it is only by working together with partners like Cloudflare that we will succeed in keeping nonprofits’ missions safe in the digital age. Nonprofits provide last-mile critical infrastructure and lifesaving aid to millions of people worldwide, yet are actively targeted by malicious actors including nation states. By joining forces with partners like Cloudflare, through Project Galileo, we can each bring our specific expertise to defending these nonprofits for the good of people and the planet.” – Dianna Langley, chief operating officer
Learn more about the wide range of Project Galileo participants here.
