ProtonMail still under attack by DDoS bombardment

Secure webmail outfit ProtonMail is still fighting against a sustained DDoS attack that has left its service largely unavailable since Tuesday. In a statement posted to a hastily erected blog site, ProtonMail said the powerful attack by unknown parties has also inflicted collateral damage on third-party organisations. The …

  1. Valeyard

    It was me

    I'm on a list every time I access the site, so I DDOS it to obfuscate every time I check my email

  2. ZSn

    Who?

    I'm curious who is interested in taking down ProtonMail? Obviously state actors, but if it is traced back to them then they are a big enough legal target. It seems like they are having problems with a data center, from their Twitter feed:

    'We are seeking a datacenter in Switzerland brave enough to host ProtonMail, many are afraid due to the magnitude of the attack against us.'

    What are they thinking of? Moving an entire datacenter? It's all a little curious.

    Good luck to them, I hope that the service survives this drubbing.

    1. Grikath

      Re: Who?

      I'm not too sure about the "State Actor" thing. It's too much of a Foot Meet Bullet scenario.

      By attacking Protonmail they'd be stirring up a hornets' nest, given that people will eventually figure out who/what initiated the attack, and the backlash would be significant. Especially with the reported fallout of the attack also bothering banks. Switzerland is serious about their banks, and other stuff.

      Intelligence agencies/state sponsored teams may...severely dislike.. protonmail, but I simply can't imagine any particular group in that scene being so ...well... stupid.. to push an action like this.

      A criminal source is much more likely. There's groups that have both the skill and budget to pull off a sustained attack on this scale, the publicity would mean their next threat would ..cut the mustard.. much easier, it pays to advertise.. Or it's an attempt to disrupt some other operation. Plenty of possibilities there.

      1. Robert Helpmann??
        Childcatcher

        Re: Who?

        DDOS attacks are often a prelude to something else. They are essentially used in this scenario as a method for testing the waters. Also, they can be used as a distraction, causing all of the people who might catch on to what is being done to look elsewhere at the time it is happening.

      2. Danny 2

        Re: Who?

        I'm sorry, the idea that this would be too illegal or too stupid for GCHQ to risk is hardly borne out by the past 41 years of GCHQ being exactly this illegal and stupid.

        1. Danny 2

          Re: Who?

          Sorry, my bad, the last 31 years. Telecommunications Act 1984.

      3. Anonymous Coward

        Re: Who?

        "By attacking Protonmail they'd be stirring up a hornets' nest, given that people will eventually figure out who/what initiated the attack, and the backlash would be significant. Especially with the reported fallout of the attack also bothering banks. Switzerland is serious about their banks, and other stuff."

        Not if the state is hiring outside help through a shill or by turning to black market channels where questions aren't asked. Even if they catch the immediate perpetrator, he/she/they will probably not know enough about their benefactor(s) to be able to continue the trail.

      4. Quortney Fortensplibe
        Unhappy

        Business as Usual

        "...By attacking Protonmail they'd be stirring up a hornets' nest, given that people will eventually figure out who/what initiated the attack, and the backlash would be significant...."

        Unless it was traced back to the US. In which case people would huff and puff for a few days, before returning to their customary 'Bent over. Cheeks parted' stance.

    2. g e

      Re: Who?

      I'd have thought State actors would have gone for a more traditional blackmail-of-staff route or something from within rather than without.

      1. WatAWorld

        Re: Who?

        A state might use blackmail of staff, but not every intelligence agency has the field agents necessary to do this. For example, the NSA and GCHQ could not do this on their own, they'd need the CIA, MI5 or MI6.

        Probably a lot of the vulnerabilities in the internet have been left there to facilitate state actors spying on the public -- what other reason could there be for sticking us with a communications system that is so inherently vulnerable?

      2. Anonymous Coward

        Re: Who?

        "I'd have thought State actors would have gone for a more traditional blackmail-of-staff route or something from within rather than without"

        I agree. After all, the project does involve quite a substantial number of US passport holders, so it has the leverage pretty much built in.

    3. Anonymous Coward

      Re: Who?

      "'We are seeking a datacenter in Switzerland brave enough to host ProtonMail, many are afraid due to the magnitude of the attack against us.'

      What are they thinking of? Moving an entire datacenter? It's all a little curious."

      Well, for a start, it should have been two separate data centres. However, afraid because of an attack? WTF? I would like to know those data centres because it tells me just how much help they will be if that befalls your own service (f*ck all, basically).

      On the plus side, now they have a chance to work on their defences for that too, because that is a pretty basic Internet issue that can happen to anyone... Good luck, guys, I hope you can start filtering soon.

      1. Bogle

        Re: Who?

        Small thing: ProtonMail already do have two data centres in Switzerland.

  3. Alister

    The chances are this attack is sponsored / carried out by one or other of the five-eyes. End-to-end encryption! not allowed!

  4. cantankerous swineherd

    runbox.com were also having problems, fwiw.

  5. Danny 2

    Quacking like GCHQ

    The last ProtonMail tweet before the DDOSing was unusually strident and political for them, “In another attack on human rights, the British government is trying to ban ProtonMail”.

    May stated, “There should be no area of cyberspace which is a haven for those who seek to harm us to plot, poison minds and peddle hatred under the radar.”

    Motive, means and opportunity.

    1. g e

      Re: Quacking like GCHQ

      Jesus. Crazyhag May sounds clinically paranoid if that's a verbatim quote.

      1. Warm Braw

        Re: Quacking like GCHQ

        She's just very territorial. Poisoning minds and peddling hatred is the job of the government.

    2. WatAWorld

      Re: Quacking like GCHQ

      "May stated, “There should be no area of cyberspace which is a haven for those who seek to harm us to plot, poison minds and peddle hatred under the radar.”"

      Sadly seeking to harm us can mean voting for another peaceful political party or campaigning for budget cuts to the internal spy agencies that work each day to subvert our democracies.

  6. Aqua Marina

    "ProtonMail offers a webmail system designed by boffins and CERN to withstand surveillance by the world's intelligence agencies."

    The cynic in me suggests that perhaps ProtonMail offers a webmail system designed by the NSA boffins and CERN to allow withstand surveillance by the world's intelligence agencies.

  7. Anonymous Coward

    Looks like VFEMail.net is down too

    According to "down for everyone" check anyway.

    tutanota is up though.

    1. Anonymous Coward

      Re: Looks like VFEMail.net is down too

      Their Facebook and Twitter pages confirm that they are down. On Facebook they also say that their hosting provider has shut them down and will not be allowing access to retrieve IMAP stored mail.

      1. Jeff Deacon

        Re: Looks like VFEMail.net is down too

        From the VFEmail site in Holland comes:

        !!!ALERT!!!!

        www.vfemail.net and mail.vfemail.net are currently unavailable. Our provider, TSRSolutions, has turned off our IP Address space due to an extortion DDOS attack from Armada Collective.

        Incoming email is also not available. I do not have any additional updates at this time.

        Mail may be restored for a short time by Sunday.

        1. Danny 2

          Re: Looks like VFEMail.net is down too

          ProtonMail is up, at least temporarily.

        2. Danny 2
          Thumb Down

          Re: Looks like VFEMail.net is down too

          "Our provider, TSRSolutions, has turned off our IP Address space due to an extortion DDOS attack from Armada Collective."

          The Armada Collective? I'm guessing that is the English Armada Collective rather than the Spanish Armada Collective. Piss-poor pissants, dastardly bastards, priggish, well you get the gist.

  8. Mark 85

    It may not be about ProtonMail at all... it may be about who is using it. Or as another has pointed out, it's a distraction and the main attack is somewhere else. The alleged extortion attempt on VFEmail might be the real reason...

  9. Danny 2

    Latest statement is pretty serious

    https://protonmaildotcom.wordpress.com/

    Slightly before midnight on November 3rd, 2015, we received a blackmail email from a group of criminals who have been responsible for a string of DDOS attacks which have happened across Switzerland in the past few weeks.

    ...

    At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time to the bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y. We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless.

    ...

    This means that ProtonMail is likely under attack by two separate groups, with the second attackers exhibiting capabilities more commonly possessed by state-sponsored actors. It also shows that the second attackers were not afraid of causing massive collateral damage in order to get at us.

    1. Bogle
      WTF?

      Re: Latest statement is pretty serious

      ArsTechnica estimated the ransom at $6,000 [http://arstechnica.com/security/2015/11/crypto-e-mail-service-pays-6000-ransom-gets-taken-out-by-ddos-anyway/].

      Eh? What's the going rate, I wonder, for a sustained DDoS call-off?

      1. Danny 2

        Re: Latest statement is pretty serious

        I dunno, I'd never pay anything myself and am a wee bit disappointed they did. Still, I contributed to their fighting fund and already they are up to $15k.

        My other query is did the script-kiddie blackmailer jump on the coat-tails of the APT, vice-versa, or are they one and the same?
