Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security

Email Provider ProtonMail Says It Hacked Back, Then Walks Claim Back (vice.com) 30

An anonymous reader shares a report: On Wednesday, encrypted email provider ProtonMail claimed it had hacked someone who was impersonating its service in phishing emails, and the company then swiftly deleted the tweet. Early Wednesday morning, the security researcher known as x0rz tweeted out a series of screenshots allegedly showing someone sending emails that directed targets to a fake ProtonMail login screen. "You have an overdue invoice," the message read. In response, ProtonMail said it had taken action. "We also hacked the phishing site so the link is down now," ProtonMail tweeted. Depending on the context and what exactly the retaliating organization did, hacking back can be illegal. Hacking could violate the Computer Fraud and Abuse Act, or perhaps even wiretapping legislation. A recently proposed bill would attempt to legalize the practice. ProtonMail swiftly deleted its tweet, but not before x0rz could grab and subsequently tweet a screenshot. x0rz then deleted his own tweet at the request of ProtonMail.
This discussion has been archived. No new comments can be posted.

Email Provider ProtonMail Says It Hacked Back, Then Walks Claim Back

Comments Filter:
  • Very Bad Idea (Score:5, Insightful)

    by EndlessNameless ( 673105 ) on Wednesday August 16, 2017 @03:51PM (#55029121)

    So apparently, this is some amateur-hour outfit? I thought they were supposed to be technically and legally astute.

    They either don't have lawyers, don't know when to talk to them, or don't listen to them. Or they let random idiots post on their Twitter feed.

    • Re:Very Bad Idea (Score:5, Insightful)

      by zlives ( 2009072 ) on Wednesday August 16, 2017 @03:54PM (#55029161)

      " random idiots post on their Twitter" is there any exception to this rule?

    • It looks bad. It's a great service - or at least I hope so :{

      The promise is simple, secure email, from a privacy loving company and backed by a country that seems to respect privacy (Switzerland)
    • The 'Computer Fraud and Abuse Act' is an American law and so doesn't apply in Switzerland where ProtonMail is based. It might be that Swiss law also bans 'hacking back' but the 'Computer Fraud and Abuse Act' is not relevant in this case.

      • by Khyber ( 864651 )

        CFAA applies if the person that got hacked is in the USA. We have these things called Treaties, you know.

        • by Anonymous Coward

          While you're correct, something tells me

          - a phisher isn't going to call up the FBI to lodge a complaint

          - the idiot whose WordPress was probably already hacked by the phisher won't understand what happened

          - the hosting provider doesn't give a shit either

          There's little risk in ProtonMail fucking around with some US-based phishing site. Admitting to it was stupid, though.

  • by Anonymous Coward

    You cant legally but hey can

  • They probably figured out they hacked a government phishing operation.
  • This article mentions the CFAA, however ProtonMail (and Proton Technologies AG) seem to be located wholly in Switzerland, so this law would not apply. I am not sure of any equivalent laws Switzerland may have.
    • by arth1 ( 260657 )

      This article mentions the CFAA, however ProtonMail (and Proton Technologies AG) seem to be located wholly in Switzerland, so this law would not apply. I am not sure of any equivalent laws Switzerland may have.

      I think the CEO has to place an apple on his son's head.

  • Heh (Score:5, Interesting)

    by the_skywise ( 189793 ) on Wednesday August 16, 2017 @04:21PM (#55029397)
    They hacked the man behind the curtain didn't they?
    x0rz found the tweet, posted it and then ProtonMail told them who they hacked and x0rz promptly yanked down their post too!
    If that's not "oh sh--!" moment, I dunno what is!
  • If that is indeed true they violated the computer fraud act and opened them selves up to legal actions.
  • by bradley13 ( 1118935 ) on Thursday August 17, 2017 @01:52AM (#55032321) Homepage

    Hacking could violate the Computer Fraud and Abuse Act, or perhaps even wiretapping legislation.

    This is clearly a reference to US law. ProtonMail is based in Switzerland, hence, US law is utterly irrelevant. I know that most /.ers are located in the US, but your country does not encompass the world.

    Of course, we have our own laws regarding electronic breaking and entering, and IANAL so I'm not going to speculate about the legalities here. Just wanted to point out that ProtonMail is not a US company, so comments about US law are off-base.

    • they are only off base if the hacked target was also not in the US, not completely unlikely given the common use of cloud providers to perform such hacks.

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]

Working...