Slashdot Mirror

← Back to Stories (view on slashdot.org)

Webmail Services Struggling Against DDoS Attacks (fastmail.com)

Posted by Soulskill on from the lag-as-a-service dept.

An anonymous reader writes: A few days ago, privacy-oriented webmail service ProtonMail was hit by a massive DDoS attack, which was accompanied by extortion. It turns out they're not the only ones. FastMail has warned that similar attacks could lead to service disruptions this week. They have refused extortion demands, and have been hit with a couple brief attacks already. This follows attacks over the last week on Runbox, Zoho, and Hushmail. Each service has been working with data centers and network providers to mitigate the attacks as well as possible, but they're still struggling with intermittent service disruptions.

6 of 90 comments (clear)

  1. NSA by Anonymous Coward · · Score: 3, Insightful

    Sounds like the NSA is hard at work trying to stomp out anyone who thinks they can evade surveillance.

  2. Re: Maybe botnet members should be held responsibl by ShanghaiBill · · Score: 4, Insightful

    More like, the companies who wrote the OS should be responsible.

    No. Botnets run mostly on deprecated and unpatched systems with known security holes. That is not the fault of the OS vendors. If software vendors are held liable for the stupidity of their users, then software will become far more expensive, and FOSS will disappear completely.

  3. Re:Maybe botnet members should be held responsible by ArmoredDragon · · Score: 4, Insightful

    I myself advocate an approach that identified zombie systems simply have their internet service shut off. We've been able to pretty cleanly identify which IP addresses are the source of these attacks, why not have legislation requiring that they simply lose their internet access until they fix it? Kind of like the ham radio days where you're held accountable for your activities when transmitting to the public.

    Take it a step further and establish a treaty body that requires each signing nation set up the same laws for their ISPs, in addition to a trade organization that enforces these rules.

    That would put a stop to this real fast. Either way something has to be done because this is going to get out of control real fast as even more people get high speed broadband and have no idea what the fuck they're doing with their equipment.

  4. Re:Givernment attacks? by Ralph+Wiggam · · Score: 5, Insightful

    ProtonMail suspects a "state actor" but has zero evidence to support that. It makes no sense for a government to just DDOS a mail service. Governments would hack into the servers.

  5. Re:Maybe botnet members should be held responsible by ArmoredDragon · · Score: 3, Insightful

    I wouldn't advocate a requirement to install antivirus software. Something like a 48 hour notice first, followed by 48 hour suspension. If after your service is restored and the problem isn't resolved, then you've got 24 hours to resolve, and if not resolved, the suspension time doubles to 96 hours. Something like keep doubling the suspension period until resolution. The long suspension wouldn't reset to 48 hours until about 6 months of no indication of botnet activity.

    As for countries that wouldn't sign on to the treaty, you could do something like require any routers that border to a non-signatory nation have the known botnet IP addresses blocked for one week, and there is no warning period. Some of the ISP's customers might get upset really fast if they find that half of the internet doesn't even work most of the time, and let them sort out among themselves how they fix it.

  6. Re:Givernment attacks? by Anonymous Coward · · Score: 2, Insightful

    Governments would hack into the servers.

    Unless they couldn't. Then they would want to "discourage" people from using the service. Governments aren't all-powerful (yet).