September 7, 2018

Protonmail DDoS Attacks: British Bomb Threat Teenager Blamed

British teenager pleaded guilty to bomb threats - was also behind plague of repeated DDoS attacks on popular Swiss email provider

By CBR Staff Writer

A 19-year-old from Hertfordshire has been accused by Swiss encrypted email provider Protonmail of being behind persistent Distributed Denial of Service (DDoS) attacks that plagued the company over the summer.

Double-barrelled script kiddie George Duke-Cohan, 19, on Monday pleaded guilty at Luton Magistrates’ Court to three counts of making hoax bomb threats following an investigation by the UK’s National Crime Agency.

Protonmail DDoS Attacks: Bomb Threats Bust

As a member of the so-called “Apophis Squad”, Duke-Cohan pleaded guilty to the bomb threats that resulted in over 400 schools in the UK being evacuated in March 2018, for which he was initially arrested just days later.

Yet amid the higher profile charges, a secondary story has gone overlooked: Protonmail claimed Thursday that the teenager was a leading member of one of the five groups that have persistently launched DDoS attacks on its servers this year, as well as on the website of security researcher Brian Krebs.


(A DDoS attack relies on multiple compromised computer systems to attack a target, such as a server or website, either to disrupt service or to serve as a mask that hides more targeted intrusions into an organisation’s infrastructure.)

The teenager was a Protonmail user and even used the company’s virtual private network (VPN) to make the bomb threats.


In a blog published Thursday, Protonmail said: “Our security team began to investigate Apophis Squad almost immediately after the first attacks were launched. In this endeavor, we were assisted by a number of cybersecurity professionals who are also ProtonMail users. It turns out that despite claims by Apophis Squad that federal authorities would never be able to find them, they themselves did not practice very good operational security. In fact, some of their own servers were breached and exposed online.”

The company, which has been a persistent target of DDoS attacks from a range of actors, added: “In addition to attacking ProtonMail, Duke-Cohan and his accomplices were engaged in attacking government agencies in a number of countries. Predictably, this triggered law enforcement agencies to make MLAT requests asking us to render assistance to the extent that is possible given ProtonMail’s encryption.”


“What we found, combined with intelligence provided by renowned cyber security journalist Brian Krebs, allowed us to conclusively identify Duke-Cohan as a member of Apophis Squad in the first week of August, and we promptly informed law enforcement. British police did not move to immediately arrest Duke-Cohan however, and we believe there were good reasons for that. Unfortunately, this meant that through much of August, ProtonMail remained under attack, but due to the efforts of Radware, ProtonMail users saw no impact.”

Brian Krebs added in a post: “Unsophisticated but otherwise time-wasting and annoying groups like Apophis Squad are a dime a dozen. But as I like to say, each time my site gets attacked by one of them two things usually happen not long after: Those responsible get arrested, and I get at least one decent story out of it. And if Protonmail is right, there are additional charges on the way.”

Protonmail DDoS Attacks Believed to Have Hit Record High

The Apophis Squad had been boasting on Twitter about the attacks throughout the summer, with Protonmail’s DDoS protection provider Radware describing it to Bleeping Computer as a “high volumetric, multi-vector attack” that included “several UDP reflection attacks, multiple TCP bursts, and SYN floods.”
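The vectors Radware names above leave distinct fingerprints in flow logs: UDP reflection shows up as many distinct sources answering from a well-known amplification service port towards one victim, and a SYN flood as a burst of SYN-only segments from many sources to one destination within a short window. The script below is an added example, not ProtonMail’s, Radware’s or Kaspersky’s code; it triages constructed flow records (all addresses are from documentation ranges) and the port list, window size and thresholds are illustrative assumptions.

```python
"""Toy multi-vector DDoS triage over constructed flow-log records.

Added example: the record format, the reflection-port table and the
thresholds are assumptions chosen for illustration, not any vendor's logic.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Service ports commonly abused for UDP reflection/amplification.
# Assumption: an illustrative subset, not an exhaustive list.
REFLECTION_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 389: "CLDAP", 11211: "memcached"}


@dataclass(frozen=True)
class Flow:
    ts: float        # seconds since start of capture
    src: str
    dst: str
    proto: str       # "udp" or "tcp"
    sport: int
    dport: int
    nbytes: int
    packets: int
    flags: str = ""  # TCP flags as letters, e.g. "S", "SA", "PA"


# Constructed sample records (not a real capture). Columns:
# ts src dst proto sport dport bytes packets [flags]
SAMPLE_LOG = """\
# NTP replies from four distinct hosts to one victim port: reflection pattern
10.01 203.0.113.5 198.51.100.10 udp 123 41234 468 1
10.02 203.0.113.6 198.51.100.10 udp 123 41234 468 1
10.05 203.0.113.7 198.51.100.10 udp 123 41234 468 1
10.07 203.0.113.8 198.51.100.10 udp 123 41234 468 1
# a single DNS reply from one resolver: ordinary traffic, not flagged
10.10 192.0.2.53 198.51.100.10 udp 53 51000 120 1
# six SYN-only segments from six sources inside one second: SYN flood pattern
10.20 192.0.2.11 198.51.100.10 tcp 40001 443 60 1 S
10.25 192.0.2.12 198.51.100.10 tcp 40002 443 60 1 S
10.30 192.0.2.13 198.51.100.10 tcp 40003 443 60 1 S
10.35 192.0.2.14 198.51.100.10 tcp 40004 443 60 1 S
10.40 192.0.2.15 198.51.100.10 tcp 40005 443 60 1 S
10.45 192.0.2.16 198.51.100.10 tcp 40006 443 60 1 S
# an established session carrying data: benign
11.00 192.0.2.20 198.51.100.10 tcp 50000 443 1500 12 PA
"""


def parse_flows(text):
    """Parse the whitespace-separated record format above; '#' lines are comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        p = line.split()
        flags = p[8] if len(p) > 8 else ""
        flows.append(Flow(float(p[0]), p[1], p[2], p[3], int(p[4]),
                          int(p[5]), int(p[6]), int(p[7]), flags))
    return flows


def classify_udp_reflection(flows, min_sources=3):
    """Group UDP flows by (victim, service port) and flag groups where at least
    min_sources distinct hosts reply from a known amplification port.
    Returns {(victim, service_name): (distinct_sources, total_bytes)}."""
    sources = defaultdict(set)
    volume = Counter()
    for f in flows:
        if f.proto == "udp" and f.sport in REFLECTION_PORTS:
            key = (f.dst, f.sport)
            sources[key].add(f.src)
            volume[key] += f.nbytes
    return {(dst, REFLECTION_PORTS[sport]): (len(srcs), volume[(dst, sport)])
            for (dst, sport), srcs in sources.items() if len(srcs) >= min_sources}


def classify_syn_flood(flows, window=1.0, threshold=5):
    """Count SYN-only segments per destination per time window and flag windows
    at or above threshold. Returns {(victim, window_index): (syn_packets, distinct_sources)}."""
    syn_count = defaultdict(Counter)
    syn_sources = defaultdict(set)
    for f in flows:
        if f.proto == "tcp" and f.flags == "S":
            w = int(f.ts // window)
            syn_count[f.dst][w] += f.packets
            syn_sources[(f.dst, w)].add(f.src)
    return {(dst, w): (n, len(syn_sources[(dst, w)]))
            for dst, wins in syn_count.items() for w, n in wins.items() if n >= threshold}


def triage(text):
    """Run both classifiers over raw log text and return the vectors observed."""
    flows = parse_flows(text)
    return {"udp_reflection": classify_udp_reflection(flows),
            "syn_flood": classify_syn_flood(flows)}


if __name__ == "__main__":
    for vector, hits in triage(SAMPLE_LOG).items():
        print(vector, hits)
```

The single DNS reply is deliberately left unflagged: reflection is a property of a population of sources, not of one packet, which is why the grouping key is the victim plus the abused service port rather than the source address. In a real deployment the thresholds would be tuned to the baseline of the protected service, and the per-window counts fed to an upstream scrubbing provider such as the one the article describes.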

DDoS attacks are increasingly common. The longest DDoS attack in Q2 overall lasted 258 hours (almost 11 days), slightly short of the previous quarter’s record of 297 hours (12.4 days), analysis by Russia’s Kaspersky Lab shows, with the target an IP address belonging to China Telecom.
