What's Up With ProtonMail Outages? (bleepingcomputer.com) 88
ProtonMail, a secure email service provider used by more than two million users and referenced in shows like Mr. Robot, has been facing outages for the last two days as it fights numerous DDoS attacks. "The attacks went on for several hours, although the outages were far more brief, usually several minutes at a time with the longest outage on the order of 10 minutes," a ProtonMail spokesperson told BleepingComputer, adding that it has tracked the attack to a group that claims to have ties to Russia. But things are more complicated than that, and it appears ProtonMail users, who are already annoyed at the frequent outages over the last few days, are up for more such downtimes in the coming days. BleepingComputer: But in reality, the DDoS attacks have no ties to Russia, weren't even planned to in the first place, and the group behind the attacks denounced being Russian, to begin with. Responsible for the attacks is a hacker group named Apophis Squad. In a private conversation with Bleeping Computer today, one of the group's members detailed yesterday's chain of events. The Apophis member says they targeted ProtonMail at random while testing a beta version of a DDoS booter service the group is developing and preparing to launch.
The group didn't cite any reason outside "testing" for the initial and uncalled for attack on ProtonMail, which they later revealed to have been a 200 Gbps SSDP flood, according to one of their tweets. "After we sent the first attack, we downed it for 60 seconds," an Apophis Squad member told us. He said the group didn't intend to harass ProtonMail all day yesterday or today but decided to do so after ProtonMail's CTO, Bart Butler, responded to one of their tweets calling the group "clowns."
This was a questionable response on the part of the ProtonMail CTO, as it set the hackers against his company even more. "So we then downed them for a few hours," the Apophis Squad said. Subsequent attacks included a whopping TCP-SYN flood estimated at 500 Gbps, as claimed by the group.
Not clowns (Score:5, Insightful)
Not clowns. Assholes is the proper term.
Re:Get medieval... (Score:4, Funny)
Re: (Score:1)
I see (Score:5, Interesting)
The group didn't cite any reason outside "testing" for the initial and uncalled for attack on ProtonMail
As opposed to, er, "called for" (justified?) attacks?
He said the group didn't intend to harass ProtonMail all day yesterday or today but decided to do so after ProtonMail's CTO, Bart Butler, responded to one of their tweets calling the group "clowns."
Oh. Well then. That's perfectly reasonable then ...
They are a bunch of clowns. Or paid by GMail ...
Re: (Score:1)
There's also the issue of taking admitted criminals at their word.
Given that the gross majority of for-profit cyber crime operations are Eastern European, Russian, or Russian state affiliated (Or all of the above) it's not a bad assumption either.
Thugs feel righteous (Score:1)
Yeah, such as on the Trump's administration officials [dailywire.com]...
Re: (Score:2)
Wondering whether they have anything to do with Slack being DOA world wide for a good part of yesterday?
Re: (Score:2)
The group didn't cite any reason outside "testing" for the initial and uncalled for attack on ProtonMail
As opposed to, er, "called for" (justified?) attacks?
As opposed to paid-for attacks, which is what their system is intended to be used for.
So they act like APK (Score:5, Interesting)
Little short bursts, and then when someone does anything they perceive as a slight, constant shitstorm until they autistic-fit themselves to exhaustion.
Amusing. I wonder what they'd have done had the CTO called them fags instead.
And only a mere 200 Gbit? That's child's play, I've got an easy order of magnitude more bandwidth than that just on my remote office servers alone.
Betting none of them are over the age of 25, otherwise they'd know where to get real bandwidth.
Re: (Score:3)
What are you using for the physical layer? I call BS on your 2 Tbps claim. I manage 100 Mbps connections to Level 3, Wave, and Verizon, and we're paying over $1k per month each for a connection 20,000 times slower than your ridiculous claim.
Re: (Score:3)
No, but I've seen OC-768 equipment owned by AT&T in a datacenter which is huge, but still less than 40 Gbps. Still waiting on the answer as to how to get a 2 Tbps connection that was claimed. Even OC-3840, which last I heard isn't being deployed yet, is still only 1/10 of the claimed speed.
Re: (Score:2)
Your answer was provided.
And so you know what equipment is used - https://i.imgur.com/wZ0cjjt.pn... [imgur.com] in each and every location I have servers.
Come back when you actually do real global networking, boss. You're about 15 years behind me.
Re: (Score:2)
" remote office servers"
I mean, if you can't even think that particular statement through, you shouldn't even be in IT, son.
As in, GLOBAL REMOTE. When you run a remote virtual office company, you need fucking BANDWIDTH, son.
Re: (Score:2)
Where can you get this magical order of a magnitude greater than 200 Gbps connection you claim? I'm in one of the largest exchange points on the west coast, and they're just now rolling out 100 Gbps ethernet.
You could have 20 100 Gbps links. That would give you 2Tbps.
Worse than clowns (Score:3, Insightful)
I hope every member of this group that is identified has his balls ripped off.
Re: (Score:2)
Ovaries perform the comparable function in ladies.
Free advertising for hacker group (Score:2)
Great, all this does is provide advertising for people that will want to contract for their "new and improved" DDoS service.. Nice.
Internet infrastructure is retarded (Score:3)
As an owner of an IP I should be able to tell a service provider to simply cut off traffic from given IPs on his network (or his entire network if they don't do effective ingress/egress filtering). Start up internet 2 with a less retarded infrastructure already, this shit got ridiculous 20 years ago and the fact that we haven't even attempted to fix it is just insane.
Re:Internet infrastructure is retarded (Score:4)
The problem is scale. It's not just a couple machines doing this... It's thousands or 10s of thousands of machines that are usually spread across entire countries or multiple countries. And those machines don't even do sustained traffic anymore. Maybe 20% of them will do The Thing(tm), then they'll go quiet and another batch will start doing The Thing(tm).
That's why DDoS attacks are so hard to mitigate against.
Re: (Score:2)
It's not like they can afford to only send a single packet per compromised device, there are still limits to their pool. They each send hundreds of thousands of packets in an attack, if you can detect an IP as an attacker after say a 100 packets and push a rule to their provider which blocks them for a couple of days it will put a huge crimp on the potential.
Also you can create IP blacklists and ISP blacklists (for the ones with no ingress/egress filtering) similar to the email blacklists. Being attacked, j
Re: (Score:2)
In other words, you want to set up an official, institutionalized DDOS?
I mean, what's to prevent a bad actor from pushing this list to providers which will cut off people for days, with no oversight?
Re: (Score:2)
PKI based proof of ownership of the IP.
Re: (Score:2)
PS. I should add that if it were not clear, you only block traffic from the suspected attacker's IP to the attacked IP. You don't cut them off the internet, you cut them off from the ability of reaching you. That's why it has to happen at the originator ISP, you can't do it at your own firewall and if you tried to do this even at the backbone level the wire speed and the required sizes of the lookup tables make it all far too expensive. If it happens at the originator's ISPs the resources required are minim
Re: (Score:2)
Firewalls don't help unless they are way upstream, that's my point ... as the owner of an IP I should be able to put up a firewall upstream, preferably all the way at the ISP of the attacker (or blocking an entire ISP at the backbone level if the ISP is a known attacker which doesn't bother with ingress/egress filtering).
Message to Apophis Squad (Score:1)
You guys fucking suck!
Signed,
totally the real Microsoft CEO, I swear on his life.
What's up with ProtonMail outages? (Score:1)
And what's the deal with airplane peanuts?
Impressive numbers (Score:3)
And the thing is, what goes around, comes around. Eventually.
Sorry, we got the wrong target (Score:2)
http://www.nydailynews.com/new-york/ny-metro-teen-murdered-in-bronx-nypd-explorer-20180623-story.html
Clowns? (Score:2)
Re: (Score:3)
Calling these guys clowns is an insult to clowns. This group needs jail time and a ban from the internet.
So do clowns. Ick Yuck Scary.
Let alone dealing with Pennywise, who keeps trying to get us to float.
Re: (Score:2)
I've gotten to the point where people like this simply need to be removed from society. This isn't an accident or something they didn't know they shouldn't do. They know perfectly well what they're trying to accomplish.
This goes for all criminals at this point in time. It's not as if the rules of society aren't known. One can't claim they didn't know they shouldn't rob/rape/murder/steal from someone. These basic rules weren't enabled yesterday.
And yes, this is a r
Total American Dude (Score:5, Funny)
I'm not sure which language this was translated to English from, but my guess is Russian.
Re: (Score:1)
His Whollyness doesn't care for the fact the American people were lied to and manipulated by corrupt politicians who sold themselves out to a foreign power, in order to achieve that vote. And I don't, either.
But the truth is coming out as more of their activities and connections are being brought out and exposed under the bright light of day.
#TICKTOCK
Re: (Score:2)
Well, yeah--that's sort of the *point*, genius.
Re: (Score:2)
Butt-hurt script-kiddy detected.
Re: (Score:2)
Exactly. "Hacker culture" means something completely different.
Will someone please find these people (Score:2)
and beat them to within an inch of their lives?
Do not trash talk in Local (Score:2)