Tag Archives: IP

ProtonMail Pays $6,000 Ransom To Stop DDOS Attacks, Gets Taken Out By DDoS Anyway

Published by:

delete_email

A supplier of end-to-end scrambled email said it paid a payoff of just about $6,000 to stop exceptionally propelled disavowal of-administration assaults that thumped its systems, and the systems of some of its upstream suppliers, disconnected from the net.

In a blog entry distributed Thursday, authorities of Switzerland-based ProtonMail said they “grudgingly agreed” to pay 15 bitcoins, which at current valuations came to about $5,850 USD to the assailants in return for them stopping the DDOS strike. Indeed, even in the wake of paying the total, the crippling assaults proceeded. However at the time the blog entry was being written, the attacks had died down. The payment installment is creating challenge from commentators who say it will just empower more assaults. ProtonMail authorities said:

We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. Attacks against infrastructure continued throughout the evening and in order to keep other customers online, our ISP was forced to stop announcing our IP range, effectively taking us offline. The attack disrupted traffic across the ISP’s entire network and got so serious that the criminals who extorted us previously even found it necessary to write us to deny responsibility for the second attack.

The battle started not long after 12 pm on Tuesday, when ProtonMail got a blackmail email from a gathering of crooks said to be in charge of a series of DDoS assaults crosswise over Switzerland in the course of recent weeks. The message was soon trailed by an appropriated disavowal of-administration assault that went on for around 15 minutes. The assault continued at 11am that day and was at that point demonstrating “an uncommon level of refinement.” By 2pm, the surge of garbage movement came to volumes of 100 gigabits for each second and started focusing on ProtonMail’s datacenter and upstream suppliers, incorporating switches in Zurich, Frankfurt, and different areas where the ISP has hubs.

“This planned ambush on key foundation in the end figured out how to cut down both the datacenter and the ISP, which affected many different organizations, not simply ProtonMail.”

The blog entry went ahead to say:

Through MELANI (a division of the Swiss federal government), we exchanged information with other companies who have also been attacked and made a few discoveries. First, the attack against ProtonMail can be divided into two stages. The first stage is the volumetric attack which was targeting just our IP addresses. The second stage is the more complex attack which targeted weak points in the infrastructure of our ISPs. This second phase has not been observed in any other recent attacks on Swiss companies and was technically much more sophisticated. This means that ProtonMail is likely under attack by two separate groups, with the second attackers exhibiting capabilities more commonly possessed by state-sponsored actors. It also shows that the second attackers were not afraid of causing massive collateral damage in order to get at us.

At present, ProtonMail’s infrastructure is still vulnerable to attacks of this magnitude, but we have a comprehensive long term solution which is already being implemented. Protecting against a highly sophisticated attack like the second one which was launched against us requires sophisticated solutions as we also need to protect our datacenter and upstream providers. Cost estimates for these solutions are around $100,000 per year since there are few service providers able to fight off an attack of this size and sophistication. These solutions are expensive and take time to implement, but they will be necessary because it is clear that online privacy has powerful opponents. In order to cover these costs, we are collecting donations for a ProtonMail defense fund.

The battle started not long after 12 pm on Tuesday, when ProtonMail got a blackmail email from a gathering of hackers said to be in charge of a series of DDoS assaults crosswise over Switzerland in the course of recent weeks. The message was soon trailed by an appropriated disavowal of-administration assault that went on for around 15 minutes. The assault continued at 11am that day and was at that point demonstrating “an uncommon level of refinement.” By 2pm, the surge of garbage movement came to volumes of 100 gigabits for each second and started focusing on ProtonMail’s datacenter and upstream suppliers, incorporating switches in Zurich, Frankfurt, and different areas where the ISP has hubs.

“This planned ambush on key foundation in the end figured out how to cut down both the datacenter and the ISP, which affected many different organizations, not simply ProtonMail.”

The blog entry went ahead to say:

How to Ensure Your Smartphone is Properly Secured

Published by:

There is a great likelihood that you use your smartphone for browsing the internet more often than your desktop or laptop these days. Yet just because you are using your smartphone for your browsing does not mean you need to be any less security conscious on your smartphone than you would be on your normal computer. In fact, you may very well need to be more security conscious.

Smartphone security has a lot more to it other than making sure someone else doesn’t pickpocket your phone and sell it on eBay for $50. You also need to protect your data and personal information that is contained on your smartphone and make sure that your phone isn’t infected by mobile malware that has become a major threat as of the last few years. There are plenty of problems out there, so you need to know what will defend you.

Smartphone

Here are some of the main ways that you can keep your smartphone and its data under lock and key:

Use a Virtual Private Network

Considering where they are most often used, smartphones are most vulnerable when they are browsing the internet or conducting transactions on public networks. Public networks often have no protection installed on them, so any person or administrator with a simple setup can intercept personal data that your smartphone is sending or receiving. This can lead to identity theft and a host of other troubles, including stolen accounts and impersonation.

You can secure your phone from this threat by using a Virtual Private Network (VPN), which is a service that will connect your smartphone to a secure offsite server using an encrypted connection. What you can expect from this is a higher level of privacy from your IP address being masked by the server. You can also expect protection on any network because the connection created will have a high level of encryption, which won’t allow anyone to view what you are doing on your phone. You will be able to use just about any network you want without fear.

You will need to pick one out, but there are a lot of VPNs out there that will not live up to their claims. For this reason, try checking out reviews from sources such as Secure Thoughts and VPN Reviewz that are trusted names in the industry.

Lock Screens and Keeping it on Your Person

One of the simplest things that you can do in order to increase your security is set up a lock screen, whether it is a long PIN number, a password or a fingerprint. Use whatever you feel is best for your lifestyle and your phone. This will keep hackers and thieves out of your phone for at least a little while, so you can discover your phone is missing and contact the right resources should it get stolen.

Yet it is best if it doesn’t come to that, so you need to make sure that you keep your smartphone on your person or in a secure location at all times. If you don’t trust a concert venue or similar location that takes and stores smartphones, keep it tucked away in the car or at home. Some people like to use armbands that can hold phones for security purposes. Just make sure that you always know where it is so that you never have to worry about that sort of security breach.

Only Use Trusted Apps

A lot of credit has to be given to the major smartphone app stores for keeping their listings relatively free of malicious apps. Nonetheless, some apps still escape through the cracks and stay on the stores for a couple of weeks until the truth is discovered. When using any app store, take a look at any reviews that the app has or whether the app has any reviews in the first place. Complaints about the app are fine, but any mentions of malware and you should steer clear.

If you aren’t entirely certain about an application, do not download it. Your smartphone functioned fine without it before you knew of its existence and it will function fine after. Do not trust anything that looks too good to be true because it most certainly is a trap. Above all, don’t trust anything that isn’t on an approved app store.

Safe Browsing Habits

Many of the basics of smartphone security come down to you and your usage habits. What do you download onto your smartphone? Are you only downloading things that you are 100 percent certain are safe? Are you sharing folders on a cloud service without double checking what is in the folder? Are you conducting financial transactions on applications that might not be safe? Do you have any security apps installed on your device? These are all questions you need to answer.

Your educated instincts will help steer you in the right direction. The details of smartphone security will change as frequently as the devices themselves, but you can always expect vigilance and caution to be the two guiding values that will lead you to a more secure life.