Slashdot Mirror

← Back to Stories (view on slashdot.org)

Email Provider ProtonMail Says It Hacked Back, Then Walks Claim Back (vice.com)

Posted by msmash on from the getting-carried-away dept.

An anonymous reader shares a report: On Wednesday, encrypted email provider ProtonMail claimed it had hacked someone who was impersonating its service in phishing emails, and the company then swiftly deleted the tweet. Early Wednesday morning, the security researcher known as x0rz tweeted out a series of screenshots allegedly showing someone sending emails that directed targets to a fake ProtonMail login screen. "You have an overdue invoice," the message read. In response, ProtonMail said it had taken action. "We also hacked the phishing site so the link is down now," ProtonMail tweeted. Depending on the context and what exactly the retaliating organization did, hacking back can be illegal. Hacking could violate the Computer Fraud and Abuse Act, or perhaps even wiretapping legislation. A recently proposed bill would attempt to legalize the practice. ProtonMail swiftly deleted its tweet, but not before x0rz could grab and subsequently tweet a screenshot. x0rz then deleted his own tweet at the request of ProtonMail.

8 of 30 comments (clear)

  1. Very Bad Idea by EndlessNameless · · Score: 4, Insightful

    So apparently, this is some amateur-hour outfit? I thought they were supposed to be technically and legally astute.

    They either don't have lawyers, don't know when to talk to them, or don't listen to them. Or they let random idiots post on their Twitter feed.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    1. Re:Very Bad Idea by zlives · · Score: 4, Insightful

      " random idiots post on their Twitter" is there any exception to this rule?

    2. Re:Very Bad Idea by GLMDesigns · · Score: 2

      It looks bad. It's a great service - or at least I hope so :{

      The promise is simple, secure email, from a privacy loving company and backed by a country that seems to respect privacy (Switzerland)

      --
      If you're scared of your govt then you need to further restrict its powers
      Vote 3rd Party in 2016 and beyond
    3. Re:Very Bad Idea by Morris+von+Habsburg · · Score: 2

      The 'Computer Fraud and Abuse Act' is an American law and so doesn't apply in Switzerland where ProtonMail is based. It might be that Swiss law also bans 'hacking back' but the 'Computer Fraud and Abuse Act' is not relevant in this case.

    4. Re:Very Bad Idea by zlives · · Score: 2

      perchance... do they post randomly?!

  2. Re:lol by GLMDesigns · · Score: 2

    Searched him up. Interesting tidbits.

    https://blog.0day.rocks/@x0rz

    --
    If you're scared of your govt then you need to further restrict its powers
    Vote 3rd Party in 2016 and beyond
  3. Heh by the_skywise · · Score: 4, Interesting

    They hacked the man behind the curtain didn't they?
    x0rz found the tweet, posted it and then ProtonMail told them who they hacked and x0rz promptly yanked down their post too!
    If that's not "oh sh--!" moment, I dunno what is!

  4. The US is not the world... by bradley13 · · Score: 2

    Hacking could violate the Computer Fraud and Abuse Act, or perhaps even wiretapping legislation.

    This is clearly a reference to US law. ProtonMail is based in Switzerland, hence, US law is utterly irrelevant. I know that most /.ers are located in the US, but your country does not encompass the world.

    Of course, we have our own laws regarding electronic breaking and entering, and IANAL so I'm not going to speculate about the legalities here. Just wanted to point out that ProtonMail is not a US company, so comments about US law are off-base.

    --
    Enjoy life! This is not a dress rehearsal.