
ProtonMail Statement about the DDOS Attack - rtplasma
https://protonmaildotcom.wordpress.com/2015/11/05/protonmail-statement-about-the-ddos-attack/
======
ngrilly
I want to emphasise this sentence:

"This means that ProtonMail is likely under attack by two separate groups,
with the second attackers exhibiting capabilities more commonly possessed by
state-sponsored actors."

~~~
jboynyc
The initial attackers transferred back a small amount of btc to Protonmail to
communicate that "somebody with great power" had come in for the kill after
them:
[https://blockchain.info/tx/7fca8fb2ee6d0bee0544fa8b9653ecd17...](https://blockchain.info/tx/7fca8fb2ee6d0bee0544fa8b9653ecd1798e8a3402ec64906d9fe9f3c2deead7)

------
LeoPanthera
Unbelievable that they actually handed over $6000 to those criminals. No
wonder they didn't stop the attack, they probably thought they could get more!

~~~
teekert
"This coordinated assault on key infrastructure eventually managed to bring
down both the datacenter and the ISP, which impacted hundreds of other
companies, not just ProtonMail.

At this point, we were placed under a lot of pressure by third parties to just
pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time to the
bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y. We hoped that by paying,
we could spare the other companies impacted by the attack against us, but the
attacks continued nevertheless."

I understand the reasons but I'd prefer to not have access to my mail for a
day than to give in to these criminals. That said, the damage probably easily
exceeds $6000, I can understand other companies trying to pressure Protonmail.

~~~
godgod
Isn't the ISP/carrier ultimately responsible for mitigating these types of
attacks? You rent a line and some IP addresses, not the garbage coming into
their network.

I'd be interested to hear how Matthew Prince at Cloudflare would mitigate
these NTP/SSDP amplification attacks.

While I agree they are a juicy target for nation states, without proof that
claim rings hollow. Why would the NSA/Russians/Chinese want $6000 from
Protonmail when all they'd have to do is use XKEYSCORE to filter out
Protonmail users and hack computers to get the secret E-mail at layer 7.
Shutting down the Protonmail doesn't help a nation state at all. They WANT to
know who's sending/receiving encrypted E-mail. The second wave of the attack
would be as simple as targeting the last few hops to protonmail. That's not
rocket science. If extortion was the goal of a nation state, we'd all be
broke.

This attack smells more of a sophisticated asshole blackhat haxor with some
advanced tools and a knowledge of vulnerabilities in critical internet
protocols.

