Slashdot Mirror


What's Up With ProtonMail Outages? (bleepingcomputer.com)

ProtonMail, a secure email service provider used by more than two million users and referenced in shows like Mr. Robot, has been facing outages for the last two days as it fights numerous DDoS attacks. "The attacks went on for several hours, although the outages were far more brief, usually several minutes at a time with the longest outage on the order of 10 minutes," a ProtonMail spokesperson told BleepingComputer, adding that it has tracked the attack to a group that claims to have ties to Russia. But things are more complicated than that, and it appears ProtonMail users, who are already annoyed at the frequent outages over the last few days, are in for more such downtime in the coming days.

BleepingComputer: But in reality, the DDoS attacks have no ties to Russia, weren't even planned to in the first place, and the group behind the attacks denounced being Russian, to begin with. Responsible for the attacks is a hacker group named Apophis Squad. In a private conversation with Bleeping Computer today, one of the group's members detailed yesterday's chain of events. The Apophis member says they targeted ProtonMail at random while testing a beta version of a DDoS booter service the group is developing and preparing to launch.

The group didn't cite any reason outside "testing" for the initial and uncalled for attack on ProtonMail, which they later revealed to have been a 200 Gbps SSDP flood, according to one of their tweets. "After we sent the first attack, we downed it for 60 seconds," an Apophis Squad member told us. He said the group didn't intend to harass ProtonMail all day yesterday or today but decided to do so after ProtonMail's CTO, Bart Butler, responded to one of their tweets calling the group "clowns."

This was a questionable response on the part of the ProtonMail CTO, as it set the hackers against his company even more. "So we then downed them for a few hours," the Apophis Squad said. Subsequent attacks included a whopping TCP-SYN flood estimated at 500 Gbps, as claimed by the group.


  1. Not clowns by Anonymous Coward · · Score: 5, Insightful

    Not clowns. Assholes is the proper term.

  2. I see by cascadingstylesheet · · Score: 5, Interesting

    The group didn't cite any reason outside "testing" for the initial and uncalled for attack on ProtonMail

    As opposed to, er, "called for" (justified?) attacks?

    He said the group didn't intend to harass ProtonMail all day yesterday or today but decided to do so after ProtonMail's CTO, Bart Butler, responded to one of their tweets calling the group "clowns."

    Oh. Well then. That's perfectly reasonable then ...

    They are a bunch of clowns. Or paid by GMail ...

  3. So they act like APK by Khyber · · Score: 4, Interesting

    Little short bursts, and then when someone does anything they perceive as a slight, constant shitstorm until they autistic-fit themselves to exhaustion.

    Amusing. I wonder what they'd have done had the CTO called them fags instead.

    And only a mere 200 Gbit? That's child's play, I've got an easy order of magnitude more bandwidth than that just on my remote office servers alone.

    Betting none of them are over the age of 25, otherwise they'd know where to get real bandwidth.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    1. Re:So they act like APK by greenwow · · Score: 2

      What are you using for the physical layer? I call BS on your 2 Tbps claim. I manage 100 Mbps connections to Level 3, Wave, and Verizon, and we're paying over $1k per month each for a connection 20,000 times slower than your ridiculous claim.

    2. Re:So they act like APK by greenwow · · Score: 2

      No, but I've seen OC-768 equipment owned by AT&T in a datacenter which is huge, but still less than 40 Gbps. Still waiting on the answer as to how to get a 2 Tbps connection that was claimed. Even OC-3840, which, last I heard, isn't being deployed yet, is still only 1/10 of the claimed speed.

  4. Worse than clowns by Dog-Cow · · Score: 2, Insightful

    I hope every member of this group that is identified has his balls ripped off.

  5. Re:Get medieval... by mnemotronic · · Score: 3, Funny

    Ok kids! Group Hug!

    --
    The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  6. Internet infrastructure is retarded by Pinky's+Brain · · Score: 2

    As an owner of an IP I should be able to tell a service provider to simply cut off traffic from given IPs on his network (or his entire network if they don't do effective ingress/egress filtering). Start up internet 2 with a less retarded infrastructure already, this shit got ridiculous 20 years ago and the fact that we haven't even attempted to fix it is just insane.

    1. Re:Internet infrastructure is retarded by ilsaloving · · Score: 3

      The problem is scale. It's not just a couple machines doing this... It's thousands or 10s of thousands of machines that are usually spread across entire countries or multiple countries. And those machines don't even do sustained traffic anymore. Maybe 20% of them will do The Thing(tm), then they'll go quiet and another batch will start doing The Thing(tm).

      That's why DDOS' are so hard to mitigate against.

  7. Impressive numbers by mnemotronic · · Score: 2

    Big numbers. Obviously they have a large botnet. But as soon as they start using it people will figure out the infected units, find the vulns used to subvert them and start unwinding the network.

    And the thing is, what goes around, comes around. Eventually.

    --
    The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  8. Clowns? by I-am-a-Banana · · Score: 2

    Calling these guys clowns is an insult to clowns. This group needs jail time and a ban from the internet.

    1. Re:Clowns? by cellocgw · · Score: 2

      Calling these guys clowns is an insult to clowns. This group needs jail time and a ban from the internet.

      So do clowns. Ick Yuck Scary.

      Let alone dealing with Pennywise, who keeps trying to get us to float.

      --
      https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
  9. Total American Dude by PopeRatzo · · Score: 4, Funny

    But in reality, the DDoS attacks have no ties to Russia, weren't even planned to in the first place, and the group behind the attacks denounced being Russian, to begin with.

    I'm not sure which language this was translated to English from, but my guess is Russian.

    --
    You are welcome on my lawn.