Please. Even if your business will suffer, it will suffer a lot more if you do pay, since now it is known you'll cave. Also: you are making the problem larger for others.
At around 2PM, the attackers began directly attacking the infrastructure of our upstream providers and the datacenter itself. The coordinated assault on our ISP exceeded 100Gbps and attacked not only the datacenter, but also routers in Zurich, Frankfurt, and other locations where our ISP has nodes. This coordinated assault on key infrastructure eventually managed to bring down both the datacenter and the ISP, which impacted hundreds of other companies, not just ProtonMail.
At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time to the bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y. This was a collective decision taken by all impacted companies, and while we disagree with it, we nevertheless respected it, taking into consideration the hundreds of thousands of Swiss Francs in damages suffered by other companies caught up in the attack against us. We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. This was clearly a wrong decision so let us be clear to all future attackers – ProtonMail will NEVER pay another ransom.
They put their customers in charge of the company? This gets weirder all the time. The problem is that they asked their customers in the first place. They should have simply communicated the fact that they would be under attack shortly and indicate that they would never ever pay a red cent.
That would give their customers time to batten the hatches and/or migrate off the system for the time being while sending a clear signal that they would not pay anyway.
This is a tough situation to be in but putting your customers in control of the company (and in a democratic way no less) is not the solution. What about those customers that decided (rightly imo) against paying?
Companies such as these should have an up-front item in their terms of service indicating that they would never pay a ransom, that way they would be clear to both their customers and their potential attackers.
That's even weirder. They have obligations to their customers not to their neighbors in the same DC, that's the territory of whoever handles their hosting.
The datacenter is not going to be happy if they are offline due to attacks targeting one of their customers. The datacenter has an obligation to their customers, and if that means cutting off ProtonMail so that other customers stay online, then that's what the datacenter has to do. Then, ProtonMail is under pressure to pay the ransom fee to avoid having services terminated by the datacenter.
This is a risk the datacenter exposes their customers to by nature of how they operate. It's a major selling point to me that AWS employs some more sophisticated countermeasures to attacks like these. If their typical response to ransom requests was "you need to consider how you're impacting our business", I would take my business elsewhere.
Great in theory, but surely nobody "elsewhere" will host you securely if hosting you means all their other customers get hosed.
"the attack against ProtonMail can be divided into two stages. The first stage is the volumetric attack which was targeting just our IP addresses. The second stage is the more complex attack which targeted weak points in the infrastructure of our ISPs. This second phase has not been observed in any other recent attacks on Swiss companies and was technically much more sophisticated. This means that ProtonMail is likely under attack by two separate groups, with the second attackers exhibiting capabilities more commonly possessed by state-sponsored actors. It also shows that the second attackers were not afraid of causing massive collateral damage in order to get at us."
Protonmail could just be talking this up, but if your ISP's (or AWS's) fancy countermeasures don't deal with this, why would they keep you? And why would any other ISP want or accept your business?
The problem with ProtonMail is that their business model and brand are based on being domiciled in Switzerland and operating under Swiss law. Their datacenter threatened them if they didn't pay the attackers and no other datacenter in Switzerland was willing to take them. They tweeted out for help finding one after everyone with sufficient bandwidth to withstand the attacks rejected them: https://twitter.com/ProtonMail/status/662212032368889856 Eventually, one came forward. But, the ransom had already been paid at that point.
> It's a major selling point to me that AWS employs some more sophisticated countermeasures to attacks like these.
There are very good clean pipe services available; the major limitation is that the clean pipe provider must have enough capacity to absorb any attack... something that can be quite difficult unless you are someone like L3.
However, the good clean pipe services are all very expensive. (I don't mean the "http only" service like cloudflare; that is a very different sort of thing.) - this is because of that aforementioned limitation; you need a lot of headroom in your bandwidth to run a clean pipe service.
But yeah, amazon charges a lot more for bandwidth than you'd expect to pay direct from a transit provider at small-ISP scale, so I would hope that they have enough capacity and technology to filter fairly large attacks.
>that's the territory of whoever handles their hosting.
Yes. And what does a provider do when a customer is getting hit so hard by a DDoS that it is pushing their other customers offline? They blackhole the target at their upstream (usually starting on a per-IP basis, but that will widen as the attacker shifts the target).
So... most likely, the ISP said "if this continues, we will need to finish the job and shut you off" - which is what every other ISP is going to do in the case of an attack that is large enough to knock the ISP in question offline.
Check out the legalese on your hosting contract; everyone reserves the right to dump you as a customer in these sorts of cases.
Yes, absolutely. And that's acceptable. If your customers can't deal with the realities of the internet today then you're better off without them anyway. No service will be able to guarantee 100% uptime, and if major banks can be taken out by DDoS then so can a small-time operator like this. That's no news and should not surprise anybody.
Would those obligations be spelled out in the contract for data centre services?
I'm interested in whether the ISPs have any form of protection against the disruption caused by a customer of a shared service coming under a criminal attack of this kind.
ProtonMail can't be trusted with any decisions about its business going forward, no matter how good their service (of which I still have doubts anyway). I mean, who knows what kind of compromises they will make next if they get "pressured" by the government or whoever to put a backdoor in their service.
I always find that the best way to make a decision about who to trust is on the basis of a brief article by a third party that, in a 2 minute read, covers high pressure events that spanned many hours. Even better if you throw in some highly informed opinions by random people in an online community. It's a very reliable way to decide on important things like trust.
Let me make a spam analogy: the reason we are drowning in spam is because it works. If even 0.00001% of the spam recipients enters into a financially beneficial relationship with the spammers then everybody will get spammed. The only way spam will go away is if everybody will finally stop responding to spam.
So you just simply do not pay extortion fees unless you want to become part of the problem.
In the case of an encrypted filesystem that means you will have to restore from a back-up (which I assume (naively maybe) that you have). And you chalk the whole thing up to your education fund. Paying up is simply wrong.
> The only way spam will go away is if everybody will finally stop responding to spam.
Right, which is why "never pay extortion fees" doesn't make much more sense for combating this stuff than "never click on spam links" makes for combating spam. It's unrealistic to think we will convince enough businesses to altruistically not pay extortionists, just like it's unrealistic to think you'll get your grandmother to stop clicking on spam links. You need another solution.
There is nothing altruistic about businesses not paying extortionists. Sure they may come to (some, hopefully limited) harm.
But once you as a business pay an extortionist you have just taken on another partner in your business, who will do none of the work and who will take almost all of your profits. So paying out of pragmatism will actually have the exact opposite effect of what you intend to achieve (to make the problem go away).
A good parasite does not kill the host, merely takes all the resources they can get and it certainly won't stop with one attempt at extortion. And judging from the blog post linked they learned their lesson.
>> The only way spam will go away is if everybody will finally stop responding to spam.
> Right, which is why "never pay extortion fees" doesn't make much more sense for combating this stuff ... It's unrealistic to think we will convince enough businesses to altruistically not pay extortionists,
jessriedel is not saying it's altruistic to pay, it's altruistic not to pay.
The way you make money is by selling spamming services. The sucker is not necessarily the person receiving the spam, it can also be the desperate business owner buying the "campaign".
If at any point a CryptoLocker locked a person's files up, and they didn't give up the key and it got out, no-one will ever pay them again. It's in their best interest to actually unlock the files.
If you are the victim of a crypto locker, you don't really have a choice. In fact it is true of any hostage situation. Parents of a kidnapped kid only have one solution. It is the authorities role to ensure that the hostage takers end up in a jail or a coffin, otherwise impunity will fuel criminal behavior.
If you have a working backup you are not really held hostage in the first place. But many people backup to an external drive or a NAS, which unless they happened to be offline at the time of the attack would also be compromised.
A backup is a copy of your files on another medium physically disjoint in space and not connected to the original in any way that you verify is correct after having written a copy.
Anything less than that is not a backup but a mirror and mirrors while useful are not at the same level of security that a backup is.
Some copies are backups, but not all of them and most copies on spinning or re-writeable media especially when they are networked are not actually backups. Somebody tell backblaze ;).
Large companies do have this sort of backups. But cryptolocker's target population is individuals and small businesses. Having to manually plug and unplug a drive every day is an unreasonable burden for this population, and may not even help if the drive is connected while the user is unaware of being infected. WORM NAS volumes or NAS volumes that do incremental snapshots behind the scenes are a better solution but I am not aware that major consumer NAS manufacturers (Synology, etc) offer that.
No, you can use spinning media just fine, as long as you take them off-line after making your copy and if they're in the same physical location to remove them from the premises.
>NEVER EVER PAY... you are making the problem larger for others
That's true but for the individual payee it can make sense. Trying to get the ransomers back can work. They'll keep at it till they figure they can get harmed.
I was thinking in part of the pirate activities off Somalia. Most ship owners were better off paying $1m than losing a boat worth say $50m. The problem seems to have slacked off now and I feel it was more related to firearms being pointed in the direction of the pirates than people not paying. Likewise with Cryptolocker putting Evgeniy Bogachev in jail rather than on various yachts would be a start. http://www.usatoday.com/story/news/nation/2014/06/03/fbi-bus...
This thread is not about pirate activities off Somalia, it is about paying a ransom under threat of DDOS. That's an entirely different thing and strategies that work in one case may or may not work in the other. Case in point: you can shoot at pirates.
To run an effective extortion racket you don't just have to convince your victims that they will be hurt if they don't pay - you also have to prove that they won't be hurt if they do pay.
There wouldn't be any point in paying a $1m ransom for a $50m boat if it was going to get caught by 49 other pirate groups on its way to safety. So when a ransom has been paid, pirates escort a boat to safety.
DDOSers can't offer any such guarantee; it's not like one DDOSer can stop another going after the same victim. And to my knowledge there aren't any websites where victims can post reviews saying whether the same DDOSer targeted them again later on.
As someone who actually did this in their teens: I DDoSed someone for 1 day then asked for a couple thousand bucks, but they wouldn't give any so they were DDoSed for like 2 weeks. They ended up paying like 750 and I left them alone after that. They ended up losing like 250 grand in sales, which could have been prevented by just paying a measly 2.
It would only make sense if you're doing it as a delaying tactic.
There is a chance they could be 'honorable' thieves and desist, but it's likely having had someone cave in once, they'd cave in again, and again... So, it only makes sense as a delaying tactic, in the long run it's mostly a losing proposition, unless you're setting them up for a sting or something.
I've been in that position (twice) and in both cases was able to reverse tables on my opponent. It could be that I'm lucky but I think that these operations only work because there are a lot of people that cave in when they see a letter on a lawyers letterhead regardless of the merit.
If you're a security service, definitely pay no ransom money. Also, tell your clients to back their stuff up with their own methods, too, just in case you come under heavy attack.
> Also, tell your clients to back their stuff up with their own methods, too, just in case you come under heavy attack.
This goes for any 'in the cloud' data that you might have. In the end it's your data and your company that is at stake. Not all data wipe-outs are malicious, sometimes accidents do happen.
Banks are tripping over themselves to get out of the datacenter business and put all their files on Azure/Rackspace/AWS/what have you. It's embarrassing.
It really is. I'm hoping they're just offloading less consequential crap instead of core apps. Those are on mainframes in most banks I know. Maybe legacy lock-in will save customers' data and money from cost-cutting managers. Ya think? Would be ironic as hell haha.
Damn, I feel for them. That said, I feel better about how I've incessantly posted Wheeler's page over the years whenever source control comes up. Despite many being annoyed, they have no idea how important it is to have great security, storage, and recovery on this stuff. Between Wheeler's page & Orange Book A1 stuff, the practices today look kind of abysmal and ripe for the taking.
Orange Book systems' (1980's to early 90's) used air gaps and/or paper backups in safes. OpenCM, a robust SCM by Shapiro et al, mentions that among other things:
I come from a banking background so that stuff seems normal to me but what I find in the wild every now and then has me wondering how long it will be before a major service will go off-line due to some act of premeditated vandalism. It can't go on forever like this.
SoD alone would go a very long way to close some of the larger holes (dd question: who has access to your backups?) but even that is something that a lot more people seem to be aware of than is put into practice.
The amount of trust placed in the hands of a very few people is scary, and to do all that without real backups is something that would keep me awake at night if my bread and butter depended on it.
> Also, tell your clients to back their stuff up with their own methods, too, just in case you come under heavy attack
You would be shocked at the number of people who get upset when you advise them to make their own backups, and interpret this as an indictment of the reliability of your own backup procedures.
E.g. "isn't that what we pay you for???"
Nevertheless, do it anyway and let them fume. There are no prerequisites for running a business and you'll find that many absolute morons are at the helm of some nominally successful businesses.
Agreed. Whenever I hear a self important IT person saying "this place WILL go under without me" I know I'm dealing with someone delusional or inexperienced.
A company of any size can continue on even if severely crippled with nobody left who understands how anything works. I've seen it time and again - also even where I've felt I was important.
Minimal viable product and vendor lock ins are powerful real world things.
It seems like the largest threat to the "ransom seeking industry" is for the public to come to believe that paying the the ransom will do no good. Sometimes, such as in cases like this, it becomes publicly known that a ransom is sought before it is paid. An interesting aspect of a Bitcoin ransom is that third parties can verify that a ransom was paid.
Would it be in the legitimate interest of the public as a whole for a third party (possibly governmental) to carry through on the threat as soon as the ransom is paid? This would be to the detriment of the victim, but reduce the likelihood that future ransoms would be paid, and thus eventually might reduce the number of future victims.
That's an interesting angle, but if traced to the source that source would still be 100% on the hook for any and all fall-out from such an attack and I really wonder if any government entity would be willing to sign off on such a vaccination service.
Vigilante solution: You could automatically send a ransom request any time you see a company getting DDOS'd by an attacker. If the attacker is also asking them for a ransom (so the company gets two ransoms), you ensure confusion and that the attacker doesn't get paid. Otherwise, you might get paid while the attack happens.
This way:
(1) companies that pay ransoms are ALWAYS punished and it never causes an attack to stop
(2) no attacker ever gets paid a ransom
I suspect, sadly, this is why Gmail and sites like it will continue to win. Secure email always sounds like a good thing, but it's less important in practice than accessible email. If you have to make a choice between confidentiality, integrity, and availability, for day-to-day email, very few people will choose anything other than availability.
(The email deliverability problem doesn't help matters, of course.)
By "the email deliverability problem" I'm referring to the problem that only well-known IP addresses get to send mail that doesn't get arbitrarily thrown into spam filters. See e.g. http://liminality.xyz/the-hostile-email-landscape/ , which was front-page here a few weeks back.
If you're just talking about availability, then yes, but this was a sustained DDoS that took their servers down for hours. While the email protocol does insist that the sender should queue and try later, having no new email for hours is not really what people want out of email.
Protonmail's e-mail servers were offline for multiple days. With an outage of that length mail will start to bounce. It depends on the local configuration, but 3 days/72 hours is pretty standard.
That length of down-time is unacceptable for any type of connection.... even for residential. But at least I guess that the senders will know that the emails bounced.
There's regular security solutions then there's those meant to stop High Strength Attackers. I warned ProtonMail's team and infrastructure wouldn't handle the latter. I was expecting stealth 0-days, though, given there's DDOS mitigations available. That they went down due to DDOS was a bit of a surprise.
"Cost estimates for these solutions are around $100,000 per year since there are few service providers able to fight off an attack of this size and sophistication. These solutions are expensive and take time to implement, but they will be necessary because it is clear that online privacy has powerful opponents."
No shit lol... Not a good sign that they're already in reactive mode. On other end, that MyKolab hasn't gone down might mean they're already compromised or just not targeted by this attack. I wonder what it is. They're just a GPG carrier in a semi-neutral jurisdiction in my usage, though. ProtonMail would've been, too, but I figured they'd be more likely to have service issues.
You mentioned that you warned ProtonMail's team about High Strength Attackers. What else did you warn them about? What other security flaws do they have in your opinion?
I warned others about them. I rarely warn projects any more because my associates and I have done that until we were blue in the face with little effort. My MO is to just post good stuff in forums that attract talent so they might see and adopt it. In any case, I posted a write-up on what real security is and what goes into it on Schneier's blog in response to a [false] comment saying secure coding is all you need. Here's the Pastebin of it:
Hope what High Assurance Security takes is more clear now. Unless you get lucky (eg GPG), you need high assurance to resist TLA's successfully and that might just be delaying inevitable. Still need monitoring & tamper-detection.
I belong to a minority community in Pakistan, target of regular state-backed oppression. In addition to violence and flagrant discrimination, the community representatives are also targets for abductions. The community has a rule. It never pays ransom to the kidnappers, because this sets a precedent and exposes the representatives all over the country to even more kidnappings. This strategy, while it may seem brutal, is a necessary one, and over the years kidnappings for ransom have gone down. Again, computer security is different, but the principle is the same: you don't want to send out the message 'We'll give you money to make you go away' because it just goads even more to resort to such tactics.
This is the first case I've seen where a digital blackmailer didn't follow through with their promise. It's bad for business for them to renege as it increases the chance that their next victim won't pay.
"Somebody with great power, who wants ProtonMail dead, jumped in after our initial attack!"
"We have no such power to crash data center and no reason to attack ProtonMail any more!"
"WE DO NOT HAVE THAT POWER! NOT EVEN CLOSE!"
"We are not attacking ProtonMail! Our attack was small, directed at their IP only and lasted 15 minutes only!"
I don't believe Protonmail have said they have received any more requests for money, so that would go along with the above. I agree that it was silly to pay the blackmailers, but there is some reason to believe that these are two separate attacks.
Verified. ProtonMail received no additional requests for money. And, those are the attackers' words. The original attackers claim they stopped. They hit many other Swiss companies and stopped after they were paid, as well. They are screwed now (and seem to be panicking a bit) because the size of the secondary attack was enough to knock a portion of Swiss internet infrastructure offline, anger some high profile businesses (including banks), anger the Swiss Government, and cause the matter to become a high profile case for Europol.
The original DDoSers actually did honor the ransom and stop their attack. However, another group started hitting them after the ransom was paid. Probably because they just advertised themselves as people who will reward DDoS attacks.
Of course. That's what any clever criminal would do: if they pay up once, chances are they'll pay up again. My ISP was hit like this a few months ago and sent out an email outlining the situation to their customers before the second wave began, to give us a heads up, and very clearly stated they had absolutely no intention of paying, whatever would happen. That's the only acceptable stance, and I as their customer fully supported them in this decision and would have left if they had decided otherwise.
Props to cloudflare for standing by to help out in that particular instance, absolutely fantastic.
The article states that it was most likely two different attackers, due to the different methods used and the blackmailer denying responsibility for the continued (unsophisticated) attack.
I'm not sure what to think, but I can easily understand why they did pay. It's easy for others to say what would be best for the industry, but when you are the one suffering and your ISP is angry at you, and you can pay a small sum to (possibly) make the problem go away, your opinion will change.
From what it seems, there were two DDoSers. The ones they paid to, did stop DDoSing, but the other one is unknown and is still doing it. The first one did contact them and tell them that they had already stopped DDoSing.
I think the most likely scenario is actually that the blackmailers are outsourcing the DDoSing, so there was a communication delay and/or there is some latency/delay when issuing commands to the botnet.
For a site the size of ProtonMail, $6K is the cost for protection for a single month. Most of the companies that offer this kind of protection require you to sign a one to three year contract.
There are two kinds of protection: basic HTTP/HTTPS and DNS only (done with DNS and CDN-like servers co-located at peering points), and traffic filtering that is done through BGP with a GRE tunnel. While you can get basic HTTP/HTTPS and DNS from CloudFlare for $200/month on a business account, what ProtonMail needed was BGP/GRE, which at its lowest price is a multiple and an order of magnitude more expensive.
Isn't Cloudflare around $2,000 a month with no data caps for the high-end package, with $50 a month for the low end? I know reasons why some people avoid them but I figure there's a similar service in Switzerland that just costs a bit more. That might be what they're referring to for $100,000. I'm curious.
Paying ransom is never worth the long-term costs. Once you've proven to the criminal that you're someone who will pay, they usually try again in the future because you're an easy mark.
Not only that, there is a power imbalance that shouldn't be ignored: the criminal has more experience in these kinds of confrontations than you do. Sam Harris has a very good article on this topic[1]; while he is discussing violent interactions on a personal level (e.g. mugging), the principles apply to many situations. The short version is that the criminal is trying to draw you onto their turf and to play by their rules. Almost always you will only make your situation worse when you let the criminal set the rules.
> Paying ransom is never worth the long-term costs.
I am amazed about how many people are making this claim confidently in this thread. It's clearly wrong. Very, very often it's definitely worth the cost, because very often you will never see the same criminal again. Consider:
"Don't pay ransoms, because (1) you'll get extorted again once the criminal knows you're an easy mark and (2) if everyone always refuses to pay, criminals will have no incentives to try and extort."
versus
"Don't pay muggers, because (1) you'll get mugged again once the mugger knows you're an easy mark and (2) if everyone always refuses to pay muggers, muggers will have no incentive to mug."
Yes there are cases, like if you're the government, where you are very long-lived and your reputation is reliable such that having a stated, followed policy of not being extorted works. But for individuals, it's just not feasible most of the time. You probably won't see that mugger/extorter ever again, and it's very unlikely that most victims will refuse.
Muggers are typically not going to come across the same victim twice and word does not spread that you are 'an easy mark'. So the advice to people being mugged is to simply give your stuff rather than to try to put up a fight.
But extortion is different than mugging. See, in extortion you have a perceived weakness other than that you fear for your life and that weakness has subscription possibilities, unlike mugging people. For instance one simple defence against muggers would be to have nothing on your person. Hard to mug you in that case. But since the ransom victim can't really change the nature of his business (short of removing themselves from being online) they will always be open to a replay.
Individuals are not the parties being extorted here, it's companies with some degree of success and visibility. I pretty much guarantee you that every larger entity online has either been prodded by extortionists or will be prodded in the near future. This is a very large business and everybody that pays makes it a bigger issue because of the perceived easy money drawing in ever more prospective extortionists.
Muggers != extortionists. Blackmailers are extortionists and they always come back until they get stopped through some other means (for instance the authorities) or until you tell them to do their worst.
In the case of one Dutch bank this led to intermittent outages over the course of several weeks but eventually they got things under control and there hasn't been a problem since. If on the other hand they had paid I'm pretty sure that they'd be paying a nice monthly protection fee. "It'd be a terrible thing if something happened to that nice website of yours.", it's just the same tactic as the mob employs against shops.
> How can we even know the answer to that question?
Huh? People report extortion and muggings to the authorities routinely. Combining that with surveys to estimate non-reports should allow us to get a very good estimate.
> How many of the people who do not pay these ransoms do you really think are hit again?
I guess by publicly announcing that they paid ransom that "didn't work" they have slightly undermined the trust for ransom as a solution in cases like this. So it might be correct from a game theory perspective, if you disregard any decrease in trust for themselves that is.
Ransomware is a different scenario. With ransomware, if you have no backups and absolutely need your files back, paying the ransom is the only sane option. Of course, this can easily be prevented by taking frequent backups.
With a DDoS, there are almost no advantages to paying the ransom. Much better to spend the money on DDoS mitigation instead, to help now and in the future.
Also, the FBI wasn't making an official statement. It was just an off-hand remark from an agent, recommending technically ignorant people who desperately want their files back to pay the ransom.
In fact backups are not enough. It has to be offline backups, which raises the bar quite a bit. Backing up to a network drive doesn't even help, and I am not aware of any widely used "write once-only" network drive capabilities.
Backup to an external hard drive that you only leave connected during the backup, or a cloud service (ransomware could theoretically target these but so far have not), or do a "pull-style" backup where the machine doesn't have write access to the backup location.
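The properties the two sub-threads above ask for (a copy on a separate medium that is verified after it is written; a pull-style target the protected machine cannot overwrite; write-once snapshots that survive a mass rewrite of the source) can be demonstrated in a few dozen lines. The following is an added example, not code from ProtonMail or from any commenter: it pulls a source tree into a new snapshot directory, re-reads every file and compares SHA-256 digests against the source, refuses to overwrite an existing snapshot, and reports what fraction of files changed between two snapshots so that a CryptoLocker-style event (most files rewritten at once) is visible before old snapshots are retired. The directory layout, the manifest format and the `demo()` helper are assumptions made for the example; a real deployment would run this on the backup host, with only read access to the source (for instance over an SSH or SMB share exposed read-only).

```python
"""Pull-style, verify-after-write, write-once snapshot backup (added example)."""
import hashlib
import os
import shutil
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Digest a file in 64 KiB chunks so large files do not land in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def pull_snapshot(source: Path, vault: Path, label: str = "") -> dict:
    """Copy `source` into vault/<label>, verify each copy by digest, then make it read-only.

    Snapshots are write-once: an existing label is refused rather than overwritten, so a
    compromised source (or a buggy job) cannot replace an older good copy.
    Returns the manifest {relative_posix_path: sha256}.
    """
    snap = vault / (label or time.strftime("%Y%m%dT%H%M%S"))
    if snap.exists():
        raise FileExistsError(f"snapshot {snap} already exists; snapshots are write-once")
    snap.mkdir(parents=True)
    manifest = {}
    for src_file in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src_file.relative_to(source).as_posix()
        dst = snap / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        expected = sha256_file(src_file)          # digest the original before copying
        shutil.copyfile(src_file, dst)
        actual = sha256_file(dst)                 # re-read the copy from disk, do not trust the write
        if actual != expected:
            raise IOError(f"verification failed for {rel}")
        manifest[rel] = actual
    lines = [f"{digest}  {rel}" for rel, digest in manifest.items()]
    (snap / "MANIFEST.sha256").write_text("\n".join(lines) + "\n")
    for p in snap.rglob("*"):                     # read-only: later jobs cannot quietly alter it
        if p.is_file():
            p.chmod(0o444)
    return manifest


def verify_snapshot(snap: Path) -> bool:
    """Recompute every digest in the manifest; False on any mismatch or missing file."""
    for line in (snap / "MANIFEST.sha256").read_text().splitlines():
        if not line:
            continue
        digest, rel = line.split("  ", 1)
        target = snap / rel
        if not target.is_file() or sha256_file(target) != digest:
            return False
    return True


def changed_fraction(old: dict, new: dict) -> float:
    """Share of files in the older manifest that changed or vanished in the newer one.
    A jump to near 1.0 is the signature of a mass rewrite (ransomware) rather than normal work."""
    if not old:
        return 0.0
    changed = sum(1 for rel, digest in old.items() if new.get(rel) != digest)
    return changed / len(old)


def demo() -> dict:
    """Constructed scenario: four files, then three of them overwritten with random bytes,
    then a silent corruption of the first snapshot. Returns the observations for checking."""
    with tempfile.TemporaryDirectory() as td:
        root = Path(td)
        source, vault = root / "source", root / "vault"
        (source / "docs").mkdir(parents=True)
        for name in ("a.txt", "b.txt", "c.txt", "docs/d.txt"):
            (source / name).write_text(f"content of {name}\n")
        m1 = pull_snapshot(source, vault, "s1")
        for name in ("a.txt", "b.txt", "docs/d.txt"):       # "encrypted" by an attacker
            (source / name).write_bytes(os.urandom(64))
        m2 = pull_snapshot(source, vault, "s2")
        try:
            pull_snapshot(source, vault, "s1")
            write_once = False
        except FileExistsError:
            write_once = True
        intact_before = verify_snapshot(vault / "s1")
        victim = vault / "s1" / "a.txt"
        victim.chmod(0o644)
        victim.write_text("silently corrupted\n")
        return {"files": len(m1), "changed": changed_fraction(m1, m2),
                "write_once": write_once, "intact_before": intact_before,
                "intact_after": verify_snapshot(vault / "s1")}
```

Run `demo()` to see the four observations: the second snapshot reports 75% of files changed (alert threshold material), the write-once guard refuses a reused label, and the first snapshot verifies as intact until it is tampered with, after which `verify_snapshot` fails. Setting mode 0444 is only a guard against accidents on the backup host; the real protection is that the source machine has no write path to the vault at all.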
Agreed. The difference is that with ransomware the act has already been done. You can think of it as negotiating with kidnappers vs. paying off the mob to not rough up your shop.
No evidence given for it, but my first thought was to wonder is it was a government not liking ProtonMail's encrypted email service,and taking them down.
I mean, the day of SOPA blowing up, when everyone was protesting what was necessary to take down piracy websites, they shut down Megaupload and arrested people across the world. My only question that day was: why do we need SOPA again?
Does anyone know the technical details of the attack? The article simply refers to it as 'highly advanced denial-of-service attacks'.
The fact that it also knocked off their upstream providers means it was probably just a simple volumetric attack like an NTP or DNS reflection attack. These are relatively easy to defend against.
I work for an ISP that gets hit with 5 or 6 of these a week, but because of the mitigation strategies we have in place our customers don't even notice...
They say the attack "exceeded 100Gbps" (https://protonmaildotcom.wordpress.com/). I moved my server to OVH 6 months ago, and since then any DDoS attacks don't affect me at all. OVH say they can handle up to 480Gbps of attacks, and people are reporting that they are getting up to 90Gbps of DDoS attacks mitigated by OVH without any problem. Their DDoS protection is completely free with any of their dedicated servers.
I don't really understand the logic behind setting up with a Swiss datacenter with zero (or very little) DDoS protection. It is pretty much guaranteed that China will DDoS you if you are in any way involved in helping dissident groups.
It is possible that by paying the ransom, ProtonMail effectively financed its own DDoS attack. That being said, I commend ProtonMail's transparency in this situation, regardless of the seemingly negative reaction.
Cloudflare should have an emergency hotline for situations like this. Charge half the ransom to handle the traffic for the duration of the attack. Offer contract afterwards.
We (CloudFlare) do. We have done onboardings in real time with people under attacks. We do full length contracts because that works better for customers, though.
We don't proxy smtp. There are solutions to deal with that in a hybrid way, though.
I think the OP meant it as a discount. (E.g. if Cloudflare blocking the attack would cost 10k (for 5 sites) for a month, offer a discount at half the ransom (3k) for however many days the attack lasts.)
Still too risky from a PR standpoint. It's the kind of corporate activity that means well (truly) but can be interpreted negatively too easily.
Unfortunately the only safe play is to give away the service for free (for the duration of the attack). That could be a solid marketing strategy: Cloudflare's price point is reasonable enough that many would stick with their service even after the attack was over.
Cloudflare's $200/month business plan includes DDoS mitigation. It's self-serve and there's an "I'm Under Attack!" button in every account. There's no extra cost for the bandwidth.
In this case yes, because users don't get an encrypted channel with the site's servers, only with Cloudflare. Cloudflare isn't acting as a dumb TCP proxy which would allow that. When it hosts an HTTPS website, it does so by terminating the HTTPS connections itself. Cloudflare has the private key, and can see the content of every request/response. That's necessary to compress images, inject scripts, minify code and do all the other optimization/CDN stuff they do -- but it also means making them an MITM between a site and its users.
CloudFlare was the first company ProtonMail called (within 5 minutes of the DDoS starting). Unfortunately, they couldn't help ProtonMail. But, thanks to @rdl for responding to a txt on his cell phone at an inopportune time and mobilizing CloudFlare's sales and engineering teams to talk with Proton (during the company's retreat no less)!
For all the people getting nasty and armchair quarterbacking this on little to no information, or trying to claim credit for things they did not do: understand that once you start working in venture-funded startups pretty much everyone knows each other and many people have worked together before.
I don't understand why the attackers wouldn't stop? Why would they want to build up a reputation of not being worth paying? If they were always true to the word, then people would mostly always pay.
This article is great, in a way. People pay ransoms with extreme agony, but because they are supposed to be effective. If they don't work, there goes the only reason to pay. This is exactly the article the DDoSers don't ever want to see written about them.
Because ProtonMail would have been required to give CloudFlare encryption keys that would have 1) allowed CloudFlare to inject JavaScript to steal decryption passwords and keys 2) allowed CloudFlare to collect metadata on traffic for individual users.
CloudFlare are a bunch of great guys. And, they wouldn't do any of that unless they were delivered a National Security Letter forcing them to.
If ProtonMail signed up with CloudFlare, like HushMail did, ProtonMail would have no way to know if these types of code modification attacks or metadata collections were happening.
And, as people saw with Hushmail, since CloudFlare does not do SMTP proxying (filtering/challenging) a DDoS could still have taken ProtonMail's mail servers offline. While CloudFlare allowed Hushmail to get its website back online, mail to my Hushmail account is currently delayed by several hours due to DDoS of their mail servers.
It is always a temptation to an armed and agile nation
To call upon a neighbour and to say: --
"We invaded you last night--we are quite prepared to fight,
Unless you pay us cash to go away."
And that is called asking for Dane-geld,
And the people who ask it explain
That you've only to pay 'em the Dane-geld
And then you'll get rid of the Dane!
It is always a temptation for a rich and lazy nation,
To puff and look important and to say: --
"Though we know we should defeat you, we have not the time to meet you.
We will therefore pay you cash to go away."
And that is called paying the Dane-geld;
But we've proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane.
It is wrong to put temptation in the path of any nation,
For fear they should succumb and go astray;
So when you are requested to pay up or be molested,
You will find it better policy to say: --
"We never pay any-one Dane-geld,
No matter how trifling the cost;
For the end of that game is oppression and shame,
And the nation that pays it is lost!"
I guess Kipling's knowledge of this had a practical basis, since he was one of the chief apologists for the systematic extortion the British Empire used to enrich itself.
(Note - I am from one of the countries invaded and occupied by Britain)
I must come to Britain's defence here - its behaviour was normal in those times but it did eventually give up most of its "ownership" without actually being defeated in wars. That was pretty amazing.
By modern standards, British behaviour was despicable, but a lot of the invaded countries got enormous benefits - rule of law, economic infrastructure, transport networks etc. Being invaded (not just plundered) by major cultures has generally had good benefits - in the long term - for the invaded nation as they get a lot of the characteristics of the stronger nation.
Again, keep in mind that this is not the modern way of looking at things, which is why we have the United Nations and other international organizations.
See also: The Life of Brian, 'What have the Romans ever done for us?'
As for Britain giving up its ownership: to this date, England formally lays claim to a whole bunch of places that it has colonized, and in some cases it has gone to war to keep that situation as it is.
That the UK gave up India is a pretty complex affair but you can bet that the 'let's fight' option was only taken off the table when someone did some basic math.
Whether or not the invaded countries got 'enormous benefits' is immaterial; we do not live in the alternate universe where India was not a British colony, in which universe India may have been better off or it may have been worse. We simply cannot know.
All we do know is that in this universe we (nowadays) take a dim view of such colonization, including those colonizations in our collective past. That some countries were 'not as bad' as others and that they left the places they invaded (and usually plundered) in some ways in better shape is imo immaterial to that.
I seriously doubt that the "let's fight" option was anywhere near the table when India gained independence. The records will all be public by now.
> As for Britain giving up its ownership: To this date formally England lays claim to a whole bunch of places that they have colonized and in some cases it has gone to war to keep that situation as it is.
If the Falklands had actually had any native inhabitants at the time it was "colonised", and the UK's military involvement hadn't been at the behest of the Falklands' contemporary native inhabitants to repel an invading foreign military dictatorship, they might have had more of a point...
"Other places" do not exist unless you name them. Even the Chagos Islands, the UK's most questionable overseas possession, have only been fought over in the courts.
I had no idea the UK had fought a war to stop the people of Gibraltar obtaining independence and self determination. Can you point me towards some references on the subject?
But the grandparent was talking about systematic extortion, which is a specific allegation that I understand to mean bleeding the colony dry under threat of force.
The parent states that this specific allegation is not true and that many countries were better off than before or counterfactual without colony rule.
Colonialism typically siphons profits generated by capital from the colony to the colonial masters. This is an economic fact. It's not extortion but it does leech capital from the colony and is systematic.
> I must come to Britain's defence here - its behaviour was normal in those times
Yes, all of Europe was engaging in the monster known as colonialism.
That doesn't make it any less morally repugnant.
> it did eventually give up most of its "ownership" without actually being defeated in wars
It gave up its ownership only after being devastated by two World Wars.
> By modern standards, British behaviour was despicable, but a lot of the invaded countries got enormous benefits - rule of law, economic infrastructure, transport networks etc.
None of these things couldn't have been achieved without the British. And all these things came with a cost.
This justification has been used for colonialism time and time again. We saw this last year in Ukraine. It doesn't make it right.
If you're genuinely interested in an answer, then like a sibling said, it's "neither". Colonialism wasn't as inevitable as it's made out to be, and the countries that were colonized weren't "uncivilized" or "barbaric": things that world history (amazingly) continues to propagate.
e.g. Colonialism in India was an incredible amount of good luck and some wily statesmanship, and not due to lack of technological progress. Once the country was colonized, the British had an ulterior interest in preventing industrial development and the concomitant economic progress.
> a lot of the invaded countries got enormous benefits
Those "benefits" stopped innovation and progress of their own cultures. And it led to the present day of conflict between traditionalists and progressives, slowing harmonious progress indefinitely. The traditionalists would have eventually progressed to a more "civil" society in a different way. And then we would have a far richer diversity than today's system.
I'm not sure what you are saying here. That by past standards they were not totally horrible, or that becoming colonized was a fair trade due to all of the "benefits"?
As an example, neither Japan nor China was ever colonized; they were totally ass-backwardian until the late 19th century and appear, at least to foreign eyes, quite modern nowadays.
Would those countries have the same benefits without British rule? I think they would.
And as for Britain "giving up" their claims, they simply couldn't afford to keep India after the Indian military rebelled, and without India, they simply had not enough colonies to make profitable quickly after the devastation of WWII.
Was he really? The White Man's Burden isn't that ambiguous. Not now, and not even when it was written.
It was about the Philippine-American war. 2 days after publication in America, it was read in the Senate to argue for the US to end the war.
One of his more famous stories, The Man Who Would Be King is about two white men who manage to convince an Afghani tribe they're gods. It becomes undone, when one tries to marry one of the women, she attacks him drawing blood, and the tribe's priest declares he is "Neither god nor devil but a man!" (at which point one is brutally killed, and the other manages to flee). It could almost be read as an analogy for colonialism - the white men might have had a technological edge, and used shock and awe to take over, but as the natives catch on to what's happening, the risk of backlash and revolution grows.
Kipling wasn't firmly against colonialism, but he was a savvy (sometimes cynical) realist. Most colonials were pretty cynical about it.
That story is absurd, considering that a lot of modern diplomacy is essentially deciding how much Dane-geld you should pay to appease America, Russia, or (insert your regional power here), and how much you could expect in return for promising that you will not pay the Dane-geld to the other side.
If you don't play, you end up like North Korea, ever so proud for their fierce independence, cut off from everyone else.
I find this cute tale, from a subject of the British Empire, doubly insulting. If you are powerful and you can extract Dane-geld from others, fine, but stop insinuating that other people pay Dane-geld because they're stupid.
Poems by the man who romanticized the colonization of my grandparents' country are always cool, but the logic doesn't hold up. If you're not as well-armed as the British Empire, and you very much do not have the resources to defeat the Dane, it's nice that the end of the game is oppression and shame, but you're going to lose well before you even get to endgame.
You do realize why the British called it the "Dane-geld" and not tribute, right? Because the Danes used to plunder the English and demand gold to go away, and the English learned to their sorrow what happens when you pay the Dane-geld.
This was told to me by a Danish classmate (while intoxicated at a party).
He asked me: do you know why we say "Skull" when we drink?
I said: No, I don't.
He said: Well, back then during the Viking times, the Danes would fight all the way to the kingdom and cut off the skulls of the English princes, dump out their brains and use the skull as a cup for drinks. Hence the word "Skull".
I said: Huh? Interesting!
"And then we also took all their good-looking women. And that's why all the Danish girls are soo good-looking," he added.
That's a false dichotomy if there ever was one. The alternative to being colonized by the British was not to be colonized by Belgium but not to be colonized at all.
It is arguable that India benefited from being under British rule compared to being under the rule of mad Mughal emperors, though. I'd say gp was not a false dichotomy. Of the options available, British rule was not the worst possible outcome in hindsight.
To my Indian friends, please be wary of ultranationalism and the far right. It never does anyone any good. Just look at us and learn from US' shortcomings.
> was not to be colonized by Belgium but not to be colonized at all.
There was no such alternative if you were a weak, divided nation in the first place. Please look at what happened in other places with a similar situation (even China during a long time). Once the European nations stopped fighting each other they looked for other territories to conquer at the time - and this, by the way, is not limited to recent world history at all. Territorial conquest is something that was documented even in Antiquity, although we did not call it colonization then.
Most countries have been colonized many times and there's almost no connection nowadays between the actual "natives" and whoever is currently ruling.
If it were my country, I'd have picked British rule over self-rule. A robust system of laws is nothing to sneeze at.
Look all over the former British Empire, and you'll see robust, healthy democracies peacefully trading with their former rulers. Countries that were never colonized got left out of the huge technological race that modernized the rest of the world after WW2.
The Anglosphere nations are among the most powerful on Earth.
Napier is one of my favorite historical figures, but wasn't sati banned based on the requests of (native) Hindu reformers, and Napier merely spoke in favor of the ban when other Hindu priests complained? It seems like a stretch to argue that it was Napier who worked to put an end to sati.
Ah, yes, pithy and powerful quotes! I should be thankful for colonialism for providing pithy and powerful quotes. Take up the white man's burden of speechwriting.
Seriously, there are much better arguments for the position you're espousing. I can come up with half a dozen without trying. If you're really interested in contributing to discourse, try making them.
The topic was the banning of Sati. It was just one example of the benefits of British rule. That it is such a salutary example is why I mentioned it. You are welcome to keep crying on Twitter that people said things you don't like but I have nothing further to say to you.
It's not even close to salutary. You can't defend your point, that's why you have nothing further to say to me. You are wrong on the facts, and you don't even know how to lose an argument graciously.
What argument is there to be had with someone who will not even admit the elimination of the ritual immolation of widows as a salutary benefit of colonial rule? There's clearly no reason involved in such a stance but simply reflexive chauvinism.
If you are talking about India, it wasn't a "country" before the British. It was a mixture of disparate kingdoms and sultanates. Not to mention that before the British, most of India was under Muslim colonizers i.e. the Mughals.
The Indians have always been a conquered people, it is only in the last 70 years that they have had freedom; you should thank the British for it.
The Mughals were not colonizers. The definition of a colony is: "country or area under the full or partial political control of another country". The Mughals were ousted from Central Asia; India was the only country they ruled. So, by definition, they were not colonizers.
That's not the context the OP used... It was: "you should thank", not "you should be thankful". A very subtle difference, but in this case (to you), it's the difference between offending and not.
I think both wordings are rude, particularly because of the word "you". OP doesn't know anything about his family's history. It's different from making a general argument that talks about the benefit to the whole country.
Define "country". To make your statement above to be true you will need a pretty narrow and tautological definition.
I presume you are not the brightest bulb as far as Indian history is concerned so it will help a bit if you read up a bit on Indian history, even Wikipedia would be a good start.
If victims need to be consistent. When terrorists are shown that they'll either get a bomb through the roof or nothing, but never payment, then they'll change their business plan.
That's because the situation between Israel and Palestine is a bit more complex than the proponents of that particular strategy in that particular case would like to have you believe.