I assume some of those attacks come through Tor and VPN users.
This does happen, but it's a whole lot more rare in practice. In reality, most attacks come from thousands of compromised IPs [botnets] run by people or organizations looking to blackmail operators into paying a fee or doing something like giving up user data. It has long been rumored that these entities with blackmailing power are often state-run themselves, in order to bully providers into sharing their data with "a trusted anti-DDoS company" that the governments can force to give up plain-text info about their customers more easily. Why bother even trying to get an operative in a position to run the site when you can sniff all the data and who is writing what via an anti-DDoS provider?
Cloudflare regularly provides the US gov't data on its customers. I'm not sure I'd go so far as theymos and say they are basically CIA-run, but I do think they are forced to work with three-letter agencies all the time. If there are any people with principles who work for Cloudflare, it doesn't matter; they have to comply in order to keep their jobs, and I doubt they are allowed to talk about it even after they have left. Cloudflare itself might have state contracts, or do contracts for other DoD-like agencies and groups, all of which have the specific purpose of cataloging citizens for the government in clear violation of the Fourth Amendment and chilling the free speech guarantees of the First Amendment.
I've oftentimes wondered how Cloudflare can afford to offer free DDoS protection.
For the same reason that OpenDNS sold to Cisco for a whopping $635 million. DoD contracts are phat loot and the CIA/NSA need the data routed in about who is doing what.