Protonmail currently under massive DDoS attack - out of service 36 hours and counting.

Discussion in 'Security, Privacy & Anonymity' started by Millard Baker, Nov 5, 2015.

  1. MindlessWork

    MindlessWork Member Supporter

    Probably with some careful configuration with Cloudflare there should not be any private data exposed on Protonmail's side.
    Millard Baker likes this.
  2. gr8whitetrukker

    gr8whitetrukker Member Supporter

    Dear ProtonMail Community,

    As many of you know, last week ProtonMail came under a massive distributed denial-of-service (DDoS) attack which knocked our service offline for several days. Unfortunately, we were initially unable to defend against such a massive attack and suffered downtime as a result. Despite the ferocity of the attack, our server security measures and end-to-end encryption meant we were able to keep user data secure.

    This incident was one of the largest cyberattacks ever in Switzerland and caused enough damage to knock an entire datacenter offline. In an attempt to keep ProtonMail offline, upstream ISPs were also attacked, knocking hundreds of other businesses offline in countries as far away as Russia. The main attack began on Wednesday, November 4th, and it was not until the evening of Saturday, November 7th that we were able to bring the situation until control. Full details about the attack can be found on our blog here.

    There is no doubt that the purpose of the attack was to keep ProtonMail offline for as long as possible. In doing so, the attackers wanted to deny email privacy to nearly a million people worldwide. The attackers hoped to destroy our community, but this attack has only served to bring us all together, united by a common cause and vision for the future. Our vision for an Internet that respects privacy and freedom can be assaulted, but it will never be destroyed.

    Instead of weakening ProtonMail, these attacks have only made us stronger, and rallied more people to our cause. Collectively, the ProtonMail community raised $50,000 for the ProtonMail Defense Fund in just three days, giving us the resources to defeat the current attack and protect against future ones. In defending ProtonMail, we were joined byRadware, one of the world's premier DDoS protection companies. We also redesigned our network infrastructure to have a dedicated link to a Tier 1 carrier in Zurich. In addition to the privacy benefits of controlling all traffic in and out of our datacenter, this also makes our network far more difficult to attack.

    Our cause is also joined by IP-Max, the best network experts in Switzerland. The IP-Max team worked extremely long hours for several days in a row to bring us back up. And they did it entirely on a volunteer basis, simply to support our community. Building an entire network from scratch and bringing it online in a few days requires an incredible effort, and it was only with their assistance that we were able to come back online as quickly as we did.

    The result is that ProtonMail is now stronger than ever. Not only did we mitigate the largest DDoS attack in Switzerland in a couple days, we also gained the ability to resist such attacks in the future. We would like to thank the entire ProtonMail community for your many kind words of encouragement and support during this difficult time. We built ProtonMail for you, and it is truly an honor to have you standing behind us, in both good times and bad times. We look forward to continuing on this journey towards a more private and free Internet with all of you.

    Best Regards,

    The Entire ProtonMail Team
    MindlessWork likes this.
  3. Maktub

    Maktub Member

    Great explanation men !
  4. Millard Baker

    Millard Baker Member

    Full details of the recent DDoS attack and the Protonmail response:

    Exclusive: Inside the ProtonMail siege: how two small companies fought off one of Europe's largest DDoS attacks