ProtonMail releases details of DDoS attack

Razer Rayzer@riseup.net
Sat Nov 7 09:20:49 PST 2015


They paid ransom to 'criminals' and it didn't stop. I stand by my
earlier statement that the UK government's GCHQ/allied nations' intel agencies
are responsible, and will never be held accountable under their own laws.

Anyone know bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y?

Interpol want to speak with them...

RR
-----------------------------

ProtonMail Statement about the DDOS Attack

As many of you know, ProtonMail came under sustained DDOS attack
starting on November 3rd, 2015. At the current moment, we are not under
attack and have been able to restore services, but we may come under
attack again.

We are currently working with solution providers to find a way to
mitigate this attack; however, it is quite unprecedented in size and
scope so unfortunately finding a working solution is not easy. Because
of the sophistication of this attack, we will also need to resort to
quite expensive solutions which will burden our finances. It is for this
reason that we are also collecting donations for a ProtonMail defense fund.

ProtonMail was originally created to provide privacy to activists,
journalists, whistleblowers, and other at-risk groups, and we have many
of those people in the ProtonMail community. Unfortunately, there are
groups out there determined to oppose this which has led to this
incident. However, we are confident that with your support, we can
overcome this attack and come back stronger than ever, and continue to
provide a place where online privacy is protected.

As we will detail below, this attack has grown beyond just ProtonMail
and is a full-fledged cyberattack. We have been working with the Swiss
Governmental Computer Emergency Response Team (GovCERT), the Cybercrime
Coordination Unit Switzerland (CYCO), as part of an ongoing criminal
investigation being conducted here in Switzerland and with the
assistance of Europol. After much consultation, we have decided to
release details about the full extent of the attack on us so the broader
security and privacy community can stay informed.

Slightly before midnight on November 3rd, 2015, we received a blackmail
email from a group of criminals who have been responsible for a string
of DDOS attacks which have happened across Switzerland in the past few
weeks.

This threat was followed by a DDOS attack which took us offline for
approximately 15 minutes. We did not receive the next attack until
approximately 11AM the next morning. At this point, our datacenter and
their upstream provider began to take steps to mitigate the attack.
However, within the span of a few hours, the attacks began to take on an
unprecedented level of sophistication.

At around 2PM, the attackers began directly attacking the infrastructure
of our upstream providers and the datacenter itself. The coordinated
assault on our ISP exceeded 100Gbps and attacked not only the
datacenter, but also routers in Zurich, Frankfurt, and other locations
where our ISP has nodes. This coordinated assault on key infrastructure
eventually managed to bring down both the datacenter and the ISP, which
impacted hundreds of other companies, not just ProtonMail.

At this point, we were placed under a lot of pressure by third parties
to just pay the ransom, which we grudgingly agreed to do at 3:30PM
Geneva time to the bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y.
This was a collective decision taken by all impacted companies, and
while we disagree with it, we nevertheless respected it, taking into
consideration the hundreds of thousands of Swiss Francs in damages
suffered by other companies caught up in the attack against us. We hoped
that by paying, we could spare the other companies impacted by the
attack against us, but the attacks continued nevertheless. This was
clearly a wrong decision so let us be clear to all future attackers –
ProtonMail will NEVER pay another ransom.

Through MELANI (a division of the Swiss federal government), we
exchanged information with other companies who have also been attacked
and made a few discoveries. First, the attack against ProtonMail can be
divided into two stages. The first stage is the volumetric attack which
was targeting just our IP addresses. The second stage is the more
complex attack which targeted weak points in the infrastructure of our
ISPs. This second phase has not been observed in any other recent
attacks on Swiss companies and was technically much more sophisticated.
This means that ProtonMail is likely under attack by two separate
groups, with the second attackers exhibiting capabilities more commonly
possessed by state-sponsored actors. It also shows that the second
attackers were not afraid of causing massive collateral damage in order
to get at us.

At present, ProtonMail’s infrastructure is still vulnerable to attacks
of this magnitude, but we have a comprehensive long-term solution which
is already being implemented. Protecting against a highly sophisticated
attack like the second one which was launched against us requires
sophisticated solutions as we also need to protect our datacenter and
upstream providers. Cost estimates for these solutions are around
$100,000 per year since there are few service providers able to fight
off an attack of this size and sophistication. These solutions are
expensive and take time to implement, but they will be necessary because
it is clear that online privacy has powerful opponents. In order to
cover these costs, we are collecting donations for a ProtonMail defense
fund, which can be found here:

We are fighting not just for privacy, but for the future of the
internet. We would especially like to thank the thousands of users who
offered their support and encouragement on Twitter and Facebook; we will
never stop fighting for you. Over the next several weeks, we will begin
putting in place the sophisticated protections that are necessary to
withstand large-scale attacks like this to ensure that online privacy
can’t be taken down.

https://protonmaildotcom.wordpress.com/2015/11/05/protonmail-statement-about-the-ddos-attack/
---------------------------------------------------



