ProtonMail pays ransom to end web tsunami – still gets washed offline

After a crushing distributed denial-of-service attack against its servers and ISPs, secure email service ProtonMail has paid the ransom demanded by its attackers. The Swiss firm was promptly smashed offline again. "We were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do …

  1. Mark 85

    They have obviously pissed off someone with deep pockets and large amount of assets at their disposal. If not a state, then who else could pull this kind of sustained and changeable attack?

    1. Lee D Silver badge

      Any kid with a botnet gained from a virus-making kit.

      Honestly, 15-year-olds are breaking into TalkTalk servers and stealing data. It doesn't need state levels of hardware to pull off a DDoS.

      1. Alan Brown Silver badge

        "Any kid with a botnet gained from a virus-making kit."

        It reminds me of a replay of the IRC wars back in the late 1990s.

        Once the script kiddies established they could make the IRC server owners do what they want, they proceeded to DDoS those who had the temerity to stand up to them. Several companies went under as a result.

        Of course back then, the "law" didn't want to know about it until some of the kiddies went too far and took it into real life. One of them ended up with a very long stay indoors after attempting to murder the FBI agent investigating his antics.

        Relevance? Many of those script kiddies then are the hardened cyber criminals now.

    2. streaky

      Literally any 12 year old. The internet is such that this sort of thing is fairly easy.

      I wouldn't even consider starting such a service without being able to handle at least 5x that out of my own coffers - because my personal feeling is that it's just not ethical - 100Gbit is fairly tame by modern standards and if a state wants you offline they'll fire way more at you.

      I'm not saying it isn't a state but seriously, paranoia isn't useful. Go ask Arbor for help.

  2. Anonymous Coward

    Scumbags

    Tar, Feather and put them in the Stocks.

    Then pelt them with rotten eggs before taking them out the back and get them quartered.

    It is obviously the *** who don't want any encrypted email passing into their servers.

    1. HAL-9000
      Big Brother

      Re: Scumbags

      Yep, total c!"&ing scumbag f&c!e*z, only I don't care if they know my name.

  3. Danny 2

    GCHQ, j'accuse!

    The last ProtonMail tweet before the attack was critical of the UK government: "In another attack on human rights, the British government is trying to ban ProtonMail." While that is true, it does seem ill-advisedly political and self-promoting now, given that GCHQ have no sense of humour.

    The original hackers denied involvement in the second attack, saying in the bitcoin address used for the ransom demand, "We are not attacking ProtonMail! Our attack was small, directed at their IP only and lasted 15 minutes only! WE DO NOT HAVE THAT POWER! NOT EVEN CLOSE! We have no such power to crash data center and no reason to attack ProtonMail any more!"

    The BBC article carefully fails to mention the allegation of state-sponsored actors, instead victim-blaming for paying the original ransom. Paying the ransom was stupid, not least because it obscures the real story that this was a state hack - our state hack.

    One positive thing is that if GCHQ have to DDoS then they probably haven't been able to hack it.

    1. Ossi

      Re: GCHQ, j'accuse!

      The UK government is criticised on a constant basis, including by this website, but The Guardian still seems to be up after every critical article, and so do all the others.

      We don't know who carried out the second attack or why. That doesn't mean you should just make things up. That's not really a good way to understand the world. There are endless possibilities, and we have evidence for precisely none of them.

      1. Danny 2

        Re: GCHQ, j'accuse!

        The Guardian had a bizarre angle-grinder incident recently, in case you didn't notice, with some OTT threats to take them offline, and out of print, thrown in for good measure.

        I once mocked MI5 online, a couple of years after I was wrongly blacklisted as a peace-protester. Guess what happened? I regret that mockery now, there are worse things than being blacklisted. They have no sense of humour, no sense of proportion when it comes to punishment.

        I've stated the three dots I am joining. Of course, maybe another 'three letter agency' is trying to frame GCHQ, and of course I have no proof. It might be a duck-billed platypus confusing me, but it is waddling, swimming and quacking like a duck.

      2. Anonymous Coward

        Re: GCHQ, j'accuse!

        "The Guardian still seems to be up after every critical article, and so do all the others."

        Forgot this episode did we?

        http://www.theguardian.com/world/2013/aug/20/nsa-snowden-files-drives-destroyed-london

  4. Anonymous Coward

    Business model?

    I wonder which state security services have had their funding cut recently.

    1. Mark 85

      Re: Business model?

      After the speculation by various governments in the news today about the Russian airliner... I expect budgets will be rapidly ramped up. Even the Russians seem to be believing now.

  5. Alistair
    Windows

    You see, she really *was* running her own mail server.

    and now, trying to move all her mail over to the new secure server.........

    *cough*

  6. Doctor Syntax Silver badge

    The ransom was probably just one of the NSA guys looking to make a bit of pocket money. No reason why they should stop their attacks.

  7. Anonymous Coward

    Thank you, ProtonMail..

    ..for paying, and so encouraging whoever is doing it to do it again, and again, and again. That is, after they leave for a while.

    Who needs a government sponsored attack when you reward criminals? Not that both cannot be the same in this case, but governments have far better means to throw nuts in their gears.

    1. Anonymous Coward

      Re: Thank you, ProtonMail..

      That, and also I wonder: if they are so quick to give in to a DDoS/blackmail, how long will it take if somebody comes and demands other things from them, like.. don't know... data on customers? Hypothetical of course.

    2. Anonymous Coward

      Re: Thank you, ProtonMail..

      If you check this story in detail you will discover that Protonmail was leaned on heavily by 'third parties' to pay up. Hopefully the full story will emerge in time.

      https://protonmaildotcom.wordpress.com

      1. Anonymous Coward

        Re: Thank you, ProtonMail..

        If you check this story in detail you will discover that Protonmail was leaned on heavily by 'third parties' to pay up.

        So these third parties wanted to ensure that fighting DDoS attacks become a frequent routine for ProtonMail? I can't see a quicker way to ensure the death of the service, especially one that is free and thus desperate for customer goodwill when they switch to a paying model.

        The sophistication of the attack suggests insider knowledge. One wonders if there were any US passport holders involved...

  8. Anonymous Coward

    State sponsored attack. You mean like the United States framing Julian Assange? These guys will do anything to control the world, won't they?

    It's time for little national internets that don't communicate with each other. This one big internet thing is just rolling over and dying, and we should abandon it.

  9. Your alien overlord - fear me

    If the initial attack was for only 15 minutes, what's the reason for paying? Most ISPs/web mail servers take that kind of hit and think nothing of it.

    It's their upstream ISP who should have anti-DDoS hardware in place to stop these floods. My ex-place of work had one. If a customer got hit, no one actually knew because the box o'tricks was in LINX where bandwidth is plentiful. It could block fake packets, corrupt packets etc. and just dropped them. This kind of box should be standard in every ISP (even the cheap ones).

    1. Danny 2

      It appears that ProtonMail understandably mistook the second attack for the first attack, and paid out the script-kiddies to stop the damage that the state-actor was doing.

      As the script-kiddies said later on their coin, "Public Note: Somebody with great power, who wants ProtonMail dead, jumped in after our initial attack!"

      1. allthecoolshortnamesweretaken

        So a third party monitored the first attack and decided to get involved and launched the second attack? And given the size of the second attack probably not bored script kiddies, but someone with real resources? Hmm.

        1. Danny 2

          It is odd, I suspected the 'armada' were a front or a patsy, but maybe GCHQ had their number and just waited until they were useful. Or maybe one of their group was turned. Whatever, if I was one of those script-kiddies tonight I'd be very scared I'm suddenly paddling in the deep-end of the pool, next to a rather large fin.

  10. fcuktheregime

    Who is actually attacking ProtonMail?

    According to Akamai, attacks by the script kiddies who extorted ProtonMail peaked at 772 Mbps.

    https://blogs.akamai.com/2015/11/operation-profile-armada-collective.html

    It sounds like those script kiddies are using 1 dedicated server with 1 Gbps port to make floods.

    It's strong enough to DDoS home connections and small servers, but a 1000x stronger attack is needed to shut down 3 data centers + 3 or more email providers at the same time.

    1. Anonymous Coward

      Re: Who is actually attacking ProtonMail?

      It sounds like those script kiddies are using 1 dedicated server with 1 Gbps port to make floods.

      Sure, and they have a 1Gbps Internet connection to it?

      Come back when you know a bit more about wide area networking.

  11. Anonymous Coward

    Still also down:

    VFEmail.net

    Safe-mail.net

    1. Anonymous Coward

      Yes, I noticed yesterday the front page of safe-mail.net too. Interesting - that has been up since the 4th. Do these people not run backups? Security begins with running a decent IT shop.

      As for VFEmail, their servers are in the US which pretty much disqualifies them as usable - their MX records alone raise questions because it looks like 3 separate machines, but if you look behind the machine names you find one and the same IP address...

      1. Anonymous Coward

        My guess is that safe-mail.net have posted a plausible excuse and not a reason.

  12. Anonymous Coward

    never give up

    Never surrender! My own European-based, privacy-conscious premium email provider refused to pay and has so far beaten the bastards off with relatively short interruptions of service. Proton did us all a disservice by paying a ransom (if they did -- it's possible they're actually trying to sting the attackers). In the meantime, I'm happy to stand in support of my provider's staff in defiance of these criminals.

  13. EJ
    Facepalm

    So fail

    Paying crims didn't solve the problem? Wow - who could have anticipated that?

  14. Beornfrith

    I guess they've never heard of the Danegeld... At least, in being Swiss, they have an excuse.

    1. Doctor Syntax Silver badge

      "I guess they've never heard of the Danegeld"

      And that is called paying the Dane-geld;
      But we've proved it again and again,
      That if once you have paid him the Dane-geld
      You never get rid of the Dane.

      1. khjohansen

        Re: the Danegeld

        All right - apart from the Danelaw, half our language, the fish and fur trade(...) - what have the Danes ever done for us?

        1. Aitor 1

          Re: the Danegeld

          Nothing!! ;)

      2. Alan Brown Silver badge

        When it comes to dealing with script kiddies, you don't draw a line in the sand and then keep stepping back to draw a new one when they charge over it.

        That tactic was tried 15 years ago and didn't work so well then either.

  15. Anonymous Coward

    Strudel eating surrender monkeys

    This is why I trust my private mail to Vikings.

  16. Anonymous Coward

    Paying the Ransom was not the worst part...

    If Protonmail paid the initial ransom in order to prevent critical damage, that's forgivable. What I would not forgive is an organization like Protonmail conceding to Governmental Coercion for the release of encryption keys, etc.

    It's obvious Protonmail did what it had to do and has since worked on a solution that would prevent this from happening again. I would suspect that the second, larger attack could have been a joint-venture between the NSA & GCHQ. In either case, I still trust Protonmail and the fact that it resides in a country outside of the 14+ eyes of worldwide mass-surveillance, might also be why both state-sponsored actors wanted a piece of that action.

    In either case, my information is still safer with Protonmail than most any other email service providers out there and I sure as hell am never going back to using Google's bull***t system with its privacy-violating data-services and SaaS Cloud infrastructure.
