I'm going to start a separate thread on this, since it clearly does not only affect Protonmail. It seems in the last couple days several private email services have come under DDOS attack. So far Protonmail (most famoulsy), VFEMail, Neomailbox, and Runbox are being attacked. Every one except Runbox has stated it is the same organization, Armada Collective. Of course, Protonmail also believes that once the relativley small Armada Collective attack stopped, a continuing much larger and more sophisticated attack has continued against them, possibly from a state sponsored organization. See: https://protonmaildotcom.wordpress.com/2015/11/05/protonmail-statement-about-the-ddos-attack/ https://nl101.vfemail.net/ https://twitter.com/neomailbox/status/662657824036556802 https://blog.runbox.com/category/news/
I guess this is a coincidence, but Safe-Mail is also down. They say they had a "major storage hardware crash." https://www.safe-mail.net/
Neomailbox (my email provider) has been up and down over the last few days. I wouldnt be surprised that state level actors and three letter agencies are responsible as one of the parties.
I manually allow scripts on an as needed basis. For the last couple of days Hushmail has given me a different screen to allow scripts than what I usually see. Today it takes me to a hushmail webpage. Not sure whats going on. I haven't logged in today. Edited to add: https://www.hushmailstatus.com/ The attackers have demanded a ransom, which we will not pay, and have promised an increase in the intensity of the attacks. As such we expect that there will be continued attacks, which may result in further interruptions in service. We are continuing to improve our protection against these attacks, and have filed a criminal complaint with the relevant authorities. Latest Update Sun. Nov 8, 9:35 AM Pacific Time: We'll be performing ongoing system maintenance which may result in brief interruptions in service. Previous Updates Sat. Nov 7, 6:15 PM Pacific Time: Some services are unavailable due to a continued denial-of-service attack. Sat. Nov 7, 3:20 PM Pacific Time: Email delivery delays have been resolved for the time being. Sat. Nov 7, 9:52 AMPacific Time: We're investigating reports of incoming and outgoing email delivery delays. We'll update this page as more information becomes available.
When you go do the Hushmail site you first get a message that it is checking your browser, then it loads the site. The message is different today, but yesterday it said Cloudfare was checking to prevent DDOS attacks, suggesting that they were/are in fact unded a DDOS attack. So this may be what's affecting how you allow scripts.
Yes, I forgot to say that when it loaded that different screen to allow scripts, it lasted for about 5 seconds then automatically went to (what looked like) Hushes site. I was able to grab a screenshot of the first page and the hush page as well. 1/ 2/
Fastmail it turns out was also being DDOSed at the same time. This was posted in the Protonmail thread, but I'm going to repost it here just to keep a tally in one place of email services that were targeted: www.welivesecurity.com/2015/11/12/fastmail-latest-victim-sustained-ddos-offensive/ It's interesting how these services were all attacked at the same time. If you were a small time operator, wouldn't you want to use your botnet on one service and then move on to the next?
This is not the work of Russian Cyber Criminals. Maybe state sponsored. Maybe from China is what I've heard.
