ProtonMail DDoS Attack – Sustained & Sophisticated

Keep on Guard!


So the ProtonMail DDoS Attack – if you’re not familiar ProtonMail is an secure, free, encrypted e-mail service that promises absolutely no compromises. It’s been getting hit hard since November 3rd, with a large scale rather sophisticated set of DDoS attacks rendering it unable to receive or send e-mail.

ProtonMail DDoS Attack - Sustained & Sophisticated

It seems to have mitigated the bulk of attack, but is still going up and down. In a way it’s a good thing tho, it’s improved the reputation of ProtonMail and shows that it’s fairly likely their system is very secure, if it wasn’t breached.

Sustained DDoS attacks are the domain of frustrated people who can’t get into a site/service any other way – so they make it inaccessible. Remember security is a triangle of confidentiality, integrity and availability. If you can’t breach the confidentiality or integrity, go after the availability.

ProtonMail has announced that it has successfully mitigated the DDoS attacks which had hobbled it since last week, while also confirming security systems had not been breached.

The encrypted email service was still being hit as of yesterday, after paying a Bitcoin ransom to one of the two DDoS attackers (the smaller, seemingly less powerful one), known as the Armada Collective, largely due to pressure from other affected companies.

The Swiss Government’s CERT (Computer Emergency Response Team) has today published a notice discouraging the payment of ransoms to DDoS attackers.

ProtonMail stated that it is “happy to announce … that after several days of intense work, we have largely mitigated the DDoS attacks against us.”

“These attacks took ProtonMail offline making it impossible to access emails, but did not breach our security,” according to a statement sent to The Register.

The attacks against the company have continued, but due to “the valiant efforts” of ProtonMail partners, IP-Max and Radware, they “are no longer capable of knocking ProtonMail offline for extended periods of time.”

“As our infrastructure recovers over the next several days, there may still be intermittent service interruptions, but we have now largely restored all services.”

The DDoS targeting ProtonMail was extremely sophisticated, according to the company, which prides itself on offering a means of secure communication to “activists, dissidents, and journalists”.


There’s been a a fair bit of confusion too, with ProtonMail claiming there’s two attackers, one of which they’ve paid a ransom to. Their is a lot of collateral damage from this attack, as with any fairly sustained, heavyweight DDoS attack – it attacks anyone remotely near the victim (in the context of network infrastructure).

Those companies in the same datacenter would be down too, as the DDoS moves up the network chain to the ISP, the upstream Tier 2 provider and beyond. Depending how big it is – it can even impact an entire country or in the worse case scenario, the whole Internet.

It was “the largest and most extensive cyberattack in Switzerland,” according to ProtonMail, “with hundreds of other companies also hit as collateral damage”. The attack also completely took down the the data centre housing ProtonMail’s servers and even affected “several upstream ISPs, causing serious damage”.

Referencing the 300Gbps DDoS attack against Spamhaus in 2013, Herberger stated “basically, we have the attackers trying all possibilities to get to a DDoS situation”.

Asked about attribution, Herberger suggested the resources necessary for such a sizeable, varied, and persistent attack could indicate a nation state.

“It’s interesting,” he told The Register. “The conjecture around here is that a ‘truly’ secure email service is more likely to receive these kind of attacks” as it is the only way of preventing these “dark” communications, he added.

ProtonMail has stated that the attack set back its development timeline, and announced that it would no longer be releasing ProtonMail 3.0 at the end of November.

The Register understands that the attack was exceptionally aggressive, with ProtonMail previously stating that there were two stages (and two attackers) that had provoked the company’s woes.

With this kind of fire-power, it could definitely be a nation state attack. Briefly before the attack started, ProtonMail publicly critiquing the UK policies regarding encryption.

That’s a pretty far fetched conspiracy theory, but there’s a lot of stuff going around, especially with other encrypted e-mail providers and TOR exit nodes suffering DDoS attacks.

ProtonMail managed to raise over $50,000USD from a crowd-sourced campaign to help them mitigate the DDoS attack, so they seem to be ok for the moment.

You can keep up with the latest ProtonMail updates here:

Blog: ProtonMail Blog
Announcements: ProtonMail WordPress
Twitter: @ProtonMail

Source: The Register

Posted in: Cryptography, Networking Hacking, Privacy

, ,


Latest Posts:


Uber Paid Hacker To Hide 57 Million User Data Breach Uber Paid Hackers To Hide 57 Million User Data Breach
Uber is not known for it's high level of ethics, but it turns out Uber paid hackers to not go public with the fact they'd breached 57 Million accounts.
RDPY - RDP Security Tool For Hacking Remote Desktop Protocol RDPY – RDP Security Tool For Hacking Remote Desktop Protocol
RDPY is an RDP Security Tool in Twisted Python with RDP Man in the Middle proxy support which can record sessions and Honeypot functionality.
Terabytes Of US Military Social Media Spying S3 Data Exposed Terabytes Of US Military Social Media Spying S3 Data Exposed
Once again the old, default Amazon AWS S3 settings are catching people out, the US Military has left terabytes of social media spying S3 data exposed.
SNIFFlab - Create Your Own MITM Test Environment SNIFFlab – Create Your Own MITM Test Environment
SNIFFlab is a set of scripts in Python that enable you to create your own MITM test environment for packet sniffing through a WiFi access point.
Skype Log Viewer Download - View Logs on Windows Skype Log Viewer Download – View Logs on Windows
Skype Log Viewer allows you to download and view the Skype history and log files, on Windows, without actually downloading the Skype client itself.
Ethereum Parity Bug Destroys Over $250 Million In Tokens Ethereum Parity Bug Destroys Over $250 Million In Tokens
If you are into cryptocurrency or blockchain at all, you will have heard about the Ethereum Parity Bug that has basically binned $280 Million + ETH.


Comments are closed.