ProtonMail DDoS Attack – Sustained & Sophisticated

Outsmart Malicious Hackers

So the ProtonMail DDoS Attack – if you’re not familiar ProtonMail is an secure, free, encrypted e-mail service that promises absolutely no compromises. It’s been getting hit hard since November 3rd, with a large scale rather sophisticated set of DDoS attacks rendering it unable to receive or send e-mail.

ProtonMail DDoS Attack - Sustained & Sophisticated

It seems to have mitigated the bulk of attack, but is still going up and down. In a way it’s a good thing tho, it’s improved the reputation of ProtonMail and shows that it’s fairly likely their system is very secure, if it wasn’t breached.

Sustained DDoS attacks are the domain of frustrated people who can’t get into a site/service any other way – so they make it inaccessible. Remember security is a triangle of confidentiality, integrity and availability. If you can’t breach the confidentiality or integrity, go after the availability.

ProtonMail has announced that it has successfully mitigated the DDoS attacks which had hobbled it since last week, while also confirming security systems had not been breached.

The encrypted email service was still being hit as of yesterday, after paying a Bitcoin ransom to one of the two DDoS attackers (the smaller, seemingly less powerful one), known as the Armada Collective, largely due to pressure from other affected companies.

The Swiss Government’s CERT (Computer Emergency Response Team) has today published a notice discouraging the payment of ransoms to DDoS attackers.

ProtonMail stated that it is “happy to announce … that after several days of intense work, we have largely mitigated the DDoS attacks against us.”

“These attacks took ProtonMail offline making it impossible to access emails, but did not breach our security,” according to a statement sent to The Register.

The attacks against the company have continued, but due to “the valiant efforts” of ProtonMail partners, IP-Max and Radware, they “are no longer capable of knocking ProtonMail offline for extended periods of time.”

“As our infrastructure recovers over the next several days, there may still be intermittent service interruptions, but we have now largely restored all services.”

The DDoS targeting ProtonMail was extremely sophisticated, according to the company, which prides itself on offering a means of secure communication to “activists, dissidents, and journalists”.

There’s been a a fair bit of confusion too, with ProtonMail claiming there’s two attackers, one of which they’ve paid a ransom to. Their is a lot of collateral damage from this attack, as with any fairly sustained, heavyweight DDoS attack – it attacks anyone remotely near the victim (in the context of network infrastructure).

Those companies in the same datacenter would be down too, as the DDoS moves up the network chain to the ISP, the upstream Tier 2 provider and beyond. Depending how big it is – it can even impact an entire country or in the worse case scenario, the whole Internet.

It was “the largest and most extensive cyberattack in Switzerland,” according to ProtonMail, “with hundreds of other companies also hit as collateral damage”. The attack also completely took down the the data centre housing ProtonMail’s servers and even affected “several upstream ISPs, causing serious damage”.

Referencing the 300Gbps DDoS attack against Spamhaus in 2013, Herberger stated “basically, we have the attackers trying all possibilities to get to a DDoS situation”.

Asked about attribution, Herberger suggested the resources necessary for such a sizeable, varied, and persistent attack could indicate a nation state.

“It’s interesting,” he told The Register. “The conjecture around here is that a ‘truly’ secure email service is more likely to receive these kind of attacks” as it is the only way of preventing these “dark” communications, he added.

ProtonMail has stated that the attack set back its development timeline, and announced that it would no longer be releasing ProtonMail 3.0 at the end of November.

The Register understands that the attack was exceptionally aggressive, with ProtonMail previously stating that there were two stages (and two attackers) that had provoked the company’s woes.

With this kind of fire-power, it could definitely be a nation state attack. Briefly before the attack started, ProtonMail publicly critiquing the UK policies regarding encryption.

That’s a pretty far fetched conspiracy theory, but there’s a lot of stuff going around, especially with other encrypted e-mail providers and TOR exit nodes suffering DDoS attacks.

ProtonMail managed to raise over $50,000USD from a crowd-sourced campaign to help them mitigate the DDoS attack, so they seem to be ok for the moment.

You can keep up with the latest ProtonMail updates here:

Blog: ProtonMail Blog
Announcements: ProtonMail WordPress
Twitter: @ProtonMail

Source: The Register

Posted in: Cryptography, Networking Hacking, Privacy

, ,

Latest Posts:

GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.
QualysGuard - Vulnerability Management Tool QualysGuard – Vulnerability Management Tool
QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service.
Memcached DDoS Attacks Will Be BIG In 2018 Memcached DDoS Attacks Will Be BIG In 2018
So after the massive DDoS attack trend in 2016 it seems like 2018 is going to the year of the Memcached DDoS amplification attack with so many insecure Memcached servers available on the public Internet.
libsodium - Easy-to-use Software Library For Encryption libsodium – Easy-to-use Software Library For Encryption
Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API.
XSStrike - Advanced XSS Fuzzer & Exploitation Suite XSStrike – Advanced XSS Fuzzer & Exploitation Suite
XSStrike is an advanced XSS detection suite, which contains a powerful XSS fuzzer and provides zero false positive results using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads.

Comments are closed.