ProtonMail under DDoS Attack

Recently the newly famous ProtonMail service was under a DDoS attack. This attack was believed to be by the hacking group Armada Collective.


The new anonymous email service many know from the known hacking series Mr. Robot.

Well, maybe you knew or you read it somewhere that they received a blackmail email November 3rd.

Armada Collective:

They are the hacking group that was believed to have DDoS'ed ProtonMail which began Tuesday the 3rd.

They have also been responsible for recent DDoS attacks in Switzerland.

The Attack:

They sent vast amounts of packets to Proton's servers, which got up to 100Gbps and overloaded their system. Their ISP and other party companies were also affected.

Proton's ISP's data center was taken down simply by the DDoS attack, which was towards Proton and not the ISP, yet it reached their data center & routers in Zurich, Frankfurt plus several others.

  • these guys came to play clearly.

To top it off, they wanted $6000 from ProtonMail.

They received a blackmail email saying they were to give them the money, which they obviously didn't, and then were DDoS'ed and Proton actually hands them over the $6000 in BitCoins. But they continued the attacks.

Man, that's just too cruel.

Bit Coins:

If you don't know what bitcoin is, it is an untraceable online currency that a lot of hackers use to do business with, especially on The Deep Web.

It is very very very hard to trace Bit Coins, near impossible.

Defense Fund:

There has now been raised over $12.000 to ProtonMail with the intentions of keeping them secure in the future.


Maybe I'm wrong here, but isn't the blockchain public? You can trace the address and the addresses they are sending to and even when they withdraw can't you? Maybe I'm wrong but bitcoin only seems anonymous when you are buying services with bitcoin online or when you are sending to another address...

That's right, Bitcoin is the most transparent form of currency in the world. It is only hard to trace if the hackers are already untraceable and convert the currency. If you cannot attach the Bitcoin address to anyone, the actual buyers are still hidden.

I think the second wave of DDoS attacks is done by the government or some big corporation like Google, or maybe both.

The first proof I have is that the second wave of DDoS attacks is of a massive scale. I highly doubt the Armada collective has the resources to pull off such a big attack. The government or a big corporation like Google certainly does.

The second proof I have is the timing of the second DDoS wave. The first wave was done by a hacker collective who demanded 6K USD, and after ProtonMail paid the sum, they were left alone for a short time. But after that, the big 2nd wave attacked. This looks like a cover-up strategy so the government or the corporation won't be detected, and all public attention is drawn to the first hacker group.

The third and last proof is that Google or Facebook is losing a lot of customers due to ProtonMail, and both the US and EU government can't monitor the email traffic. It would be best for all of them if ProtonMail was to disappear. This seems like a team up of the EU & US government and some big corporations who would profit out of ProtonMail's disappearance.

Yes, the Armada collective DID stop the attacks after they got their 6K, but now, a second party is also targeting them. Where did you get all this false information about this attack? (hmmm, media being manipulated... Proof N°4?)

I also call upon all Null Byters to contribute a small donation to the defense fund of ProtonMail! They have fought for us, now, I believe it is time to repay the favor! Every penny helps!


That's actually very impressive, I never thought about it that way.

Never trust the media completely.


For the French speakers, NextInpact wrote (as always) a detailed and good article about the DDoS attack.

Also, if you look at the BTC exchange, the first group (Armada Collective ?) reply with BTC cents to explain they are not (edit) responsible for the second wave.

(starting at 2015-11-06 12:22:20)

Good analysis, Phoenix!

I agree with you totally. This is likely an attack by a government agency. No small group could generate that much traffic.

Good to see you agree. But we also need to keep an open mind on subjects like this. While I absolutely believe some government agency is behind this, for all we know it might be a stunt of ProtonMail to get some money quickly. I extremely doubt this, but it is always a possibility. It is in situations like this that one of my favorite quotes of one of my favorite videogames can be applied:

"Nothing is true, Everything is permitted."


I am also devastated. I was expecting an important mail and I cannot access! :( Now that they are raising funds for defense systems, I would like to ask about that. How can you defend from a DDoS attack like that, and what kind of countermeasures do they want to install? Could anybody explain this to me?

Getting more bandwidth prevents outage by DDoS attacks.

The reason they need this huge amount of money is because they now need to purchase enormous amounts of bandwidth from their ISP.


Proton is offline at this moment, sad. Why would someone try to ddos protonmail, this is ridiculous. I don't know what government is being such a dick but they aren't really achieving something here.

They are achieving quite a lot. With ProtonMail, the government has no way to monitor the email traffic of the people using it. It would be best for ANY government agency if ProtonMail was to disappear.

And I can come up with countless of reasons why various corporations would want ProtonMail gone too.

It's indeed a sad thing.


Is it possible for you to elaborate on:
"And I can come up with countless of reasons why various corporations would want ProtonMail gone too."

I would love to hear further as I haven't done enough research yet.

Gladly. ProtonMail forms a threat for email providers like Google and Yahoo because they can offer something that Google/Yahoo/Another mail provider simply can't: privacy. When people migrate to ProtonMail, people leave other mail services.


I, for one, doubt it is one of the other email providers. The number of users migrating to protonmail is trivial. Second, it would be illegal for them to conduct this DoS attack. They wouldn't risk their profitable businesses to shut down a competitor who isn't even on their radar.

Valid points.


That is very interesting, I thought the same thing when I rethought about it being another email provider doing the attacks.

Which leaves me wondering who could have, and how would someone, say myself, be able to figure out who is responsible for the 2nd DDoS attack.

I don't think it's a mail provider on its own, but rather a coalition or "team" of some big email provider and a government agency. The government would certainly profit out of ProtonMail's disappearance. And I think some other mail provider that falls under US and/or EU jurisdiction would be playing the long game and would notice it would be best if ProtonMail disappeared too. Hence why I think they would team up. It's kinda hard to explain, but I think you get the idea.


It's likely a state sponsored spy agency such as NSA who is trying to keep people from using protonmail for privacy. The NSA, for one, cannot tolerate ANY privacy. They want to see and read everything.

The NSA certainly has the resources to send 100Gbps. The thing is, according to this map, most of the traffic sent to ProtonMail comes from countries outside the US. Does the NSA actually have the permission to attack from computers from other countries, let alone attack other countries?


So childish, if you ask me, for NSA to have that kind of attitude when it comes to our privacy and freedom. It was about time someone created an opponent for NSA and hopefully ProtonMail will only continue to expand and become such a big part of the hacking community and just IT area in general that NSA will have to bow because it has met its master.


The NSA will not bow to someone like Protonmail. The best we can hope for is to EVADE them, not master them.

I agree with OTW's statement totally. The NSA has grown too powerful to be defeated. The only thing we can do is evade them.

The only way we can make the NSA "bow" is through radical revolution, but this is unlikely to happen. I doubt you will find anyone who is less corrupt than the US when it comes to online privacy AND is capable of bringing them down.


I don't agree here. Being capable to bring the US down, that's a big challenge. But what if someone like me promises to provide people privacy, and other things that US doesn't?

That's an ambiguous statement you make here. There are powers that could take down the entire life. The question, rather, is about someone willing to do so.

Even if the UN tries to pass a privacy law, it won't be passed due to the security council.

Still, the strongest weapon, stronger than the greatest of biochemical and hydrogen bombs, is desperation. And US is almost on the target. It's just a matter of time when people lose trust in them, and someone like me launches the final blow, to destroy what would remain of the governments.

That is what my instinct tells me.

-The Joker

I completely agree with you both, the last few lines in my small paragraph about NSA bowing was written sarcastically, sorry about that :) gotta have some fun

But yeah NSA is powerful and you shouldn't make an enemy like USA.

That government doesn't deserve what it has. That might well be the most crooked government on Earth. It's just a matter of time for the USA. Unless, of course, like Adolf Hitler, they modify the education system. Whatever might happen, they don't have bright consequences.

-The Joker

