SoylentNews is people
SoylentNews
A secure-email firm, based in Switzerland, has paid a ransom of more than £3,600 after web attacks crippled its website. The hi-tech criminals behind the web attacks said the payment would stop the deluge of data hitting the site. But despite paying up, the web attacks continued, leaving Protonmail struggling to operate. It has now launched a fund-raising drive to raise cash to tackle any future attacks.
Protonmail did not respond to the message and, soon afterwards, was hit by what is known as a distributed denial of service (DDoS) attack. This tries to knock a server offline by bombarding it with more data than it can handle. Protonmail is a free, web-based, encrypted email service that needs its site up and running to serve customers. The first attack knocked out Protonmail for about 15 minutes and then stopped. A second attack the next day was much bigger and overwhelmed efforts by the email firm and its ISP to stop it.
"This co-ordinated assault on key infrastructure eventually managed to bring down both the datacenter and the ISP, which impacted hundreds of other companies, not just Protonmail," it said on the blog. In a bid to halt the attack, Protonmail said it "grudgingly" paid the 15 bitcoin ransom.
[...]
Post-attack analysis suggests Protonmail was targeted in two phases, the company said. The first aided the ransom demand but the second was "not afraid of causing massive collateral damage in order to get at us".
Switzerland's national Computer Emergency Response Team (Cert), which helped Protonmail cope, said the attack was carried out by a cybercrime group known as the Armada Collective. This group has also targeted many other Swiss web companies over the last few weeks, the team said.
(Score: 3, Informative) by q.kontinuum on Saturday November 07 2015, @09:30AM
Both topics have only in common that they are online (as is quite much of our life nowadays) and about paying a ransom. Connecting the FBI recommendation to this email-provider story seemed to imply there was a confidentiality-breach at the mail provider (encrypting their servers to collect ransom for decryption implies read-access to the server in the first place), which tricked me into reading an otherwise rather boring piece of information.
DDoS attacks can't be completely prevented. A typical DDoS attack does not, as the article claims, just block the server by sending too much data; this would be costly for the attacker as well (by loading the bot-net heavily / requiring a huge bot-net). A typical website DDoS-attack is executed by sending small SYN packages and than not reacting on the ACK, thus forcing the server to keep an enormous amount of open sockets.
The first intuitive approach would be to blacklist IPs firing too many syn-requests but a SYN request can have a spoofed IP opening up this defens-mechannism to another type of even faster DDos-attack, by tricking it to block all IPs.
My knowledge might be outdated, so if my critique of the article was wrong, please correct me.
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 2, Informative) by Francis on Saturday November 07 2015, @02:41PM
I'm pretty sure that the article got the type wrong. I'm not sure anybody does those sorts of attacks any more because you can just stutter the response and use a fraction of a percent of the resources that the attacker is burning through. Something like that isn't terribly sustainable.
It's going to be something like firing off too many syn-requests. That initial connection isn't something that you can do much about. Whenever there's a request the computer has to address it, even if that's just to decide that it should be ignored with no further processing. Get enough of those and you start running low on resources and hit whatever you're limit for connections is.