Multiple Private Email Services Under DDOS Attack

Discussion in 'privacy general' started by cb474, Nov 6, 2015.

  1. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    325
    I'm going to start a separate thread on this, since it clearly does not only affect Protonmail. It seems in the last couple days several private email services have come under DDOS attack.

    So far Protonmail (most famoulsy), VFEMail, Neomailbox, and Runbox are being attacked. Every one except Runbox has stated it is the same organization, Armada Collective. Of course, Protonmail also believes that once the relativley small Armada Collective attack stopped, a continuing much larger and more sophisticated attack has continued against them, possibly from a state sponsored organization.

    See:

    https://protonmaildotcom.wordpress.com/2015/11/05/protonmail-statement-about-the-ddos-attack/
    https://nl101.vfemail.net/
    https://twitter.com/neomailbox/status/662657824036556802
    https://blog.runbox.com/category/news/
     
  2. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    325
    I guess this is a coincidence, but Safe-Mail is also down. They say they had a "major storage hardware crash."

    https://www.safe-mail.net/
     
  3. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    Zoho has also been (and continues to be) under attack.
     
  4. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,125
    This is scary stuff, although it doesn't surprise me.
     
  5. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Neomailbox (my email provider) has been up and down over the last few days.
    I wouldnt be surprised that state level actors and three letter agencies are responsible as one of the parties.
     
  6. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    I manually allow scripts on an as needed basis. For the last couple of days Hushmail has given me a different screen to allow scripts than what I usually see. Today it takes me to a hushmail webpage. Not sure whats going on. I haven't logged in today.

    Edited to add:

    https://www.hushmailstatus.com/

    The attackers have demanded a ransom, which we will not pay, and have promised an increase in the intensity of the attacks. As such we expect that there will be continued attacks, which may result in further interruptions in service. We are continuing to improve our protection against these attacks, and have filed a criminal complaint with the relevant authorities.

    Latest Update

    Sun. Nov 8, 9:35 AM Pacific Time: We'll be performing ongoing system maintenance which may result in brief interruptions in service.

    Previous Updates
    Sat. Nov 7, 6:15 PM Pacific Time: Some services are unavailable due to a continued denial-of-service attack.

    Sat. Nov 7, 3:20 PM Pacific Time: Email delivery delays have been resolved for the time being.

    Sat. Nov 7, 9:52 AMPacific Time: We're investigating reports of incoming and outgoing email delivery delays. We'll update this page as more information becomes available.
     
    Last edited: Nov 8, 2015
  7. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    325
    When you go do the Hushmail site you first get a message that it is checking your browser, then it loads the site. The message is different today, but yesterday it said Cloudfare was checking to prevent DDOS attacks, suggesting that they were/are in fact unded a DDOS attack. So this may be what's affecting how you allow scripts.
     
  8. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    Yes, I forgot to say that when it loaded that different screen to allow scripts, it lasted for about 5 seconds then automatically went to (what looked like) Hushes site. I was able to grab a screenshot of the first page and the hush page as well.

    1/

    Hushmail 1.png

    2/

    Hushmail 2.png
     
  9. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    325
    Fastmail it turns out was also being DDOSed at the same time. This was posted in the Protonmail thread, but I'm going to repost it here just to keep a tally in one place of email services that were targeted:

    www.welivesecurity.com/2015/11/12/fastmail-latest-victim-sustained-ddos-offensive/

    It's interesting how these services were all attacked at the same time. If you were a small time operator, wouldn't you want to use your botnet on one service and then move on to the next?
     
  10. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,411
    This is not the work of Russian Cyber Criminals. Maybe state sponsored. Maybe from China is what I've heard.
     
  11. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,125
    China is not the first country that pops up in my mind :isay:
    nor the second
     
Loading...