San Francisco-based CloudFlare works to protect and accelerate hundreds of thousands of websites. When LulzSec signed up for protection they had a bit of a dilemma.

announced the existence of LulzSecurity.com in a simple tweet on June 2, 2011. Within minutes that website was taken down by other hackers. However, less than an hour later LulzSec was back, and this time the site stayed up, at least until its announced "retirement" about three weeks later. What changed during that hour?

It turns out that LulzSecurity.com signed up with CloudFlare, a San Francisco-based Web acceleration and security company that "protects and accelerate hundreds of thousands of websites." Matthew Prince, CloudFlare Co-Founder and CEO, will expound in detail on the experience at an RSA Conference briefing Tuesday afternoon. I caught up with him ahead of time for an early scoop on the talk.

Prince explained that CloudFlare has over 250,000 websites using the service, from bloggers to ecommerce sites to governments. They get a new customer almost once per minute, and protection is automatic and immediate as soon as the customer signs up. There's no sales staff checking out each new customer, so the company didn't realize this particular customer was unusual until the attacks started.

"Over the 22 days they were active, almost every hacking group tried to knock them offline," said Prince. "We saw a myriad of substantial hack-attacks, denial of service attacks, and more. Since we were in the crossfire, the attacks hit us." However, the CloudFlare system fended off all attacks, and its machine learning component actually strengthened the service for other customers.

As soon as it became clear that LulzSec was using CloudFlare for protection, "the phones started ringing off the hook." Other customers demanded that CloudFlare terminate LulzSec as a client. Government and law enforcement agencies asked for inside information. CloudFlare's principals wrangled over whether having LulzSec as a customer was reasonable. In the end, they concluded that since the site offered nothing but information and didn't do anything illegal, they should let it continue.

I'm sure they breathed a sigh of relief when LulzSec "retired" after three weeks, but the story didn't end there. Officials from and the RSA Conference weighed in, asking if CloudFlare might share what they learned from the LulzSec experience. Naturally the company's privacy policy forbade any such revelation. However, on a whim the CEO sent a message to the site's registered email account asking for permission to share. Thirteen days later a terse response signed by "Captain Jack Sparrow" gave him that permission.

That's how CloudFlare's CEO came to be giving a talk about exactly what happened during the attacks at the RSA Conference. If you want all the gory details, I'd suggest you arrive early. My guess is this talk will be packed.