Protonmail needs DDOS expertise

So it would seem that the NSA and GCHQ are probing away at privacy advocating companies such as Protonmail, Ovpn.se etc.

Now, the Protonmail team are asking for help, so if there’s anyone out there that knows how to fend off DDOS attacks, now you know.

Read full blogpost(s) at: https://protonmaildotcom.wordpress.com/
Situation updates at: https://twitter.com/protonmail

If you or someone you know has experience with mitigating enterprise
level DDOS attacks, we welcome your expertise. You can contact us via
the following addresses:

Andy Yen: andy.l.yen [at] cern [dot] ch
Jason Stockman: hello [at] jasonstockman [dot] com

Secure email with no compromises, brought to you by CERN and MIT scientists.

They are a small tech startup so I doubt they saw this coming so I'll give them the benefit of the doubt.
I was surprised to see that I couldn't login to Protonmail today.

I'm unable to reach them to check my email at the moment. So this must be a sustained attack if it's still going on 2 days later.

Move your servers to Cloudflare if possible; if not, use these guys: https://www.blacklotus.net/

Cloudflare has had a shit ton of experience protecting against DDoS and are the affordable experts. Black Lotus is more for larger businesses and might be out of their budget, but it would mean not changing hosting servers.

Protonmail is encrypted. Using Cloudflare would ruin the meaning of that.

http://map.norsecorp.com/

cyber war

https://protonmaildotcom.wordpress.com/ Not sure I know what to think of these guys now.

Judging by the thread they must have used amplification attacks against the ISP and Data center. The power they're stating is not that far out of reach these days.

Not to the extent that the Protonmail devs want it to be. That was the point of my comment.

It reads as if they were "encouraged" to pay by 3rd parties also hindered by the DDoS. I would guess that some other companies also use the same ISP (banks? gvt?) so that those 3rd parties wanted their shit to work again.

Yeah. Sounds like they were DDoS'd by two different parties, though. The ransom was for the first DDoS, so the ransom they paid didn't even affect the worse one, which was affecting the other businesses.

@LIFE I highly doubt that. They say that the solutions require $100k a year, and they ask for $50k, which I'm assuming is not even as much above the first attack, which sounds like it wasn't even that much of a problem, at least, not as much compared to the onslaught they received. Other companies were losing a lot of money that was probably greater than the amount of the ransom, and they didn't know that the ransom was not for the greater range of attacks.

The second attack was 100Gbps, clearly state-sponsored or from an organization with big resources, but I have this feeling that the second attack wasn't only for ProtonMail. Maybe I'm wrong and I see conspiracies xD

I can't believe they paid the ransom. It didn't occur to anybody from their team that the DDoS could continue even after the money has been paid. Seriously?

It wasn't the same attackers. They were being DDoS'd by two different parties, according to the attackers that sent the ransom. They were also pressured to pay the ransom by certain companies due to the effect that the DDoS had on those that shared their ISP and datacenter (including banks and other cost-critical businesses). This was touched on by the above posts.

Just donated 60 dolla. Hope they will be back up soon.

They announced not too long ago on their Twitter that one of their engineers was leaving to pick up some important-sounding hardware. Hopefully they'll be fully operational again by the end of the weekend.

They are up, well for the time being.

The thing with DDoS is that you can only mitigate it IF you have a bigger pipe than the traffic that is poured over your service. Even if you have the hardware to withstand the rapid session opening and millions of packets, if your uplink is all saturated, then your servers are safe but your service is not. You get into BGP session breakdowns and all sorts of other issues.

The only real protection is through services like Cloudflare. You can upload your certificate and maintain the HTTPS connection to your service.

So, yes, Protonmail does not need staff, they need a service :)