The Organized Crime and Corruption Reporting Project (OCCRP) is an organization that functions as both a global network for investigative journalists and a media development hub for over 75 independent non-profit member centers. Launched in 2007 and now operating across six continents, OCCRP provides the digital infrastructure and editorial support necessary for reporters to "follow the money" and expose the world’s most complex criminal networks. Because their work targets powerful figures involved in organized crime and corruption, OCCRP faces constant cyber threats, including DDoS and phishing attacks designed to silence their reporting.
For OCCRP, an open and secure Internet is not a luxury; it is the foundation of their mission. As an online-only publication, the availability of their reporting and their investigative data platform, Aleph Pro, is critical to informing the public and holding power to account. OCCRP provides investigative tools to empower their network of journalists to track illicit financial operations and turn complex data into reporting that is accessible to everyone.
"Cybersecurity tools help us maintain the confidentiality and integrity of our data, and the availability of our website. We work for the public and our reporting needs to be available at all times." — Geoff Hunter, CTO/CISO
The reality of investigative journalism in the 21st century involves regular digital combat. OCCRP has faced several major DDoS attacks, including a sustained multi-day campaign in January 2026. In previous years, such attacks might have taken down the website, but with Cloudflare, the outcome has changed.
"Our website is much more resilient to DDoS attacks since joining Cloudflare. The most recent attack took place over several days in January 2026, but our engineers were able to quickly adjust rate limiting rules in Cloudflare to mitigate the attack." — Geoff Hunter, CTO/CISO
During an attack in January 2026, Cloudflare mitigated over 350 million malicious requests. While the bulk of the traffic was stopped at the edge, a sophisticated portion of the attack—approximately 20 million requests—attempted to bypass initial protections to reach the backend. This surge, peaking at 200,000 requests every 15 minutes, put immense pressure on the organization's internal infrastructure.
"We managed to solve this issue by tightening our security rules, enabling Under Attack mode for the affected website, and scaling up backend resources... Cloudflare gives us more confidence in being able to withstand these threats." — Platforms Engineer at OCCRP
By utilizing Cloudflare’s "Under Attack" mode and tightening WAF rules in real time, OCCRP’s engineering team was able to stabilize their production environment and maintain the integrity of their Cloudflare Tunnels.
The organization utilizes a comprehensive stack of Cloudflare products to defend its infrastructure and its journalists.
Without these protections, the organization would be far more susceptible to the "costly" disruptions that once threatened to take them offline for extended periods.
"Cloudflare gives us more confidence of being able to withstand these threats we face as an organization and to keep informing the public." — Geoff Hunter, CTO/CISO