ProtonMail still under attack by DDoS bombardment Secure webmail outfit ProtonMail is still fighting against a sustained DDoS attack that has left its service largely unavailable since Tuesday. In a statement posted to a hastily erected blog site, ProtonMail said the powerful attack by unknown parties has also inflicted collateral damage on third-party organisations. The …
I'm curious who is interested in taking down protonmail? Obviously state actors, but if it is traced back to them then they are a big enough legal target. It seems like they are having problems with a data center, from their twitter feed:
'We are seeking a datacenter in Switzerland brave enough to host ProtonMail, many are afraid due to the magnitude of the attack against us.'
What are they thinking of? Moving an entire datacenter? It's all a little curious.
Good luck to them, I hope that the service survives this drubbing.
I'm not too sure about the "State Actor" thing. It's too much of a Foot Meet Bullet scenario.
By attacking Protonmail they'd be stirring up a hornets' nest, given that people will eventually figure out who/what initiated the attack, and the backlash would be significant. Especially with the reported fallout of the attack also bothering banks. Switzerland is serious about their banks, and other stuff.
Intelligence agencies/state sponsored teams may...severely dislike.. protonmail, but I simply can't imagine any particular group in that scene being so ...well... stupid.. to push an action like this.
A criminal source is much more likely. There's groups that have both the skill and budget to pull off a sustained attack on this scale, the publicity would mean their next threat would ..cut the mustard.. much easier, it pays to advertise.. Or it's an attempt to disrupt some other operation. Plenty of possibilities there.
DDOS attacks are often a prelude to something else. They are essentially used in this scenario as a method for testing the waters. Also, they can be used as a distraction, causing all of the people who might catch on to what is being done to look elsewhere at the time it is happening.
"By attacking Protonmail they'd be stirring up a hornets' nest, given that people will eventually figure out who/what initiated the attack, and the backlash would be significant. Especially with the reported fallout of the attack also bothering banks. Switzerland is serious about their banks, and other stuff."
Not if the state is hiring outside help through a shill or by turning to black market channels where questions aren't asked. Even if they catch the immediate perpetrator, he/she/they will probably not know enough about their benefactor(s) to be able to continue the trail.
"...By attacking Protonmail they'd be stirring up a hornets' nest, given that people will eventually figure out who/what initiated the attack, and the backlash would be significant...."
Unless it was traced back to the US. In which case people would huff and puff for a few days, before returning to their customary 'Bent over. Cheeks parted' stance.
A state might use blackmail of staff, but not every intelligence agency has the field agents necessary to do this. For example, the NSA and GCHQ could not do this on their own, they'd need the CIA, MI5 or MI6.
Probably a lot of the vulnerabilities in the internet have been left there to facilitate state actors spying on the public -- what other reason could there be for sticking us with a communications system that is so inherently vulnerable?
'We are seeking a datacenter in Switzerland brave enough to host ProtonMail, many are afraid due to the magnitude of the attack against us.'
What are they thinking of? Moving an entire datacenter? It's all a little curious.
Well, for a start, it should have been two separate data centres. However, afraid because of an attack? WTF? I would like to know those data centres because it tells me just how much help they will be if that befalls your own service (f*ck all, basically).
On the plus side, now they have a chance to work on their defences for that too, because that is a pretty basic Internet issue that can happen to anyone... Good luck, guys, I hope you can start filtering soon.
The last ProtonMail tweet before the DDOSing was unusually strident and political for them, "“In another attack on human rights, the British government is trying to ban ProtonMail”.
May stated, "“There should be no area of cyberspace which is a haven for those who seek to harm us to plot, poison minds and peddle hatred under the radar.”
Motive, means and opportunity.
"May stated, "“There should be no area of cyberspace which is a haven for those who seek to harm us to plot, poison minds and peddle hatred under the radar.”"
Sadly seeking to harm us can mean voting for another peaceful political party or campaigning for budget cuts to the internal spy agencies that work each day to subvert our democracies.
"ProtonMail offers a webmail system designed by boffins and CERN to withstand surveillance by the world's intelligence agencies."
The cynic in me suggests that perhaps ProtonMail offers a webmail system designed by the NSA boffins and CERN to allow withstand surveillance by the world's intelligence agencies.
From the VFEmail site in Holland comes:
!!!ALERT!!!!
www.vfemail.net and mail.vfemail.net are currently unavailable. Our provider, TSRSolutions, has turned off our IP Address space due to an extortion DDOS attack from Armada Collective.
Incoming email is also not available. I do not have any additional updates at this time.
Mail may be restored for a short time by Sunday.
"Our provider, TSRSolutions, has turned off our IP Address space due to an extortion DDOS attack from Armada Collective."
The Armada Collective? I'm guessing that is the English Armada Collective rather than the Spanish Armada Collective. Piss-poor pissants, dastardly bastards, priggish, well you get the gist.
https://protonmaildotcom.wordpress.com/
Slightly before midnight on November 3rd, 2015, we received a blackmail email from a group of criminals who have been responsible for a string of DDOS attacks which have happened across Switzerland in the past few weeks.
...
At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time to the bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y. We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless.
...
This means that ProtonMail is likely under attack by two separate groups, with the second attackers exhibiting capabilities more commonly possessed by state-sponsored actors. It also shows that the second attackers were not afraid of causing massive collateral damage in order to get at us.
I dunno, I'd never pay anything myself and am a wee bit disappointed they did. Still, I contributed to their fighting fund and already they are up to $15k.
My other query is did the script-kiddie blackmailer jump on the coat-tails of the APT, vice-versa, or are they one and the same?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
