A Carriers Lunch event sponsored by IP-Max with a presentation by ProtonMail
GBN attended the Geneva Carriers Lunch annual boat trip held on June 17th and sponsored by IP-Max SA. Here is a short summary of the afternoon's main 'hot' topic.
After a short presentation of IP-Max’s own products and expanding services, their customer ProtonMail was introduced to explain the hair-raising experience of being subjected to the largest cyber-attack of its kind in Switzerland and how they managed to come through it all without any loss of data.
You can read GBN's more detailed interview with ProtonMail from May 2016.
DDoS, the dark side
The type of attack used against ProtonMail's servers is known in the business as DDoS (Distributed Denial of Service). To enable a DDoS, attackers must first infect a huge network of personal computers (sometimes spread across the globe), which they load with malicious software via hidden file attachments in messages sent through email, social media and websites.
The compromised computers (individually called ‘bots’, and collectively a ‘botnet’) can be accessed remotely by the hackers whenever they are online, then controlled and combined to form a massive frontal attack on a chosen IP address or series of addresses. The target servers are swamped with incoming requests or enormous data files (multi-Megabytes) from thousands of bots, and are literally taken out of service, unable to carry out their intended purpose of serving real customers. With business offline until the attack is over or thwarted, this can cost a company thousands or millions in lost business transactions.
Who are the bad guys?
What’s really disturbing is that DDoS attacks can happen to anyone. Hacker services are even available for hire. ‘Dark Websites’ exist where malicious attacks can be made to order, based on how much a ‘customer’ wants to pay, the size of the attack (Mbps used) and the length of time the attack should remain active.
On top of concerted attacks intended to take down specific servers, hackers are in some cases looking to hold the victim’s site hostage, in return for a ransom sum, to be paid in bitcoins. A very 21st century form of highway robbery!
The situation
ProtonMail is a successful provider of cloud-based encrypted email services, hosted in two datacenters located in Switzerland. It serves over 1 million customers in 150+ countries.
The company’s presenter and co-founder, Andy Yen, explained that this specific attack on November 4th 2015 involved a highly sophisticated ‘high volume’ DDoS which directly swamped ProtonMail’s email system, initially for a period of 15 minutes, followed by continued attempts that included attacking the datacenter and Internet Service Providers’ infrastructure.
The attacks took down the ProtonMail customer servers, periodically disabling them from being accessed by their users, whilst at the same time overloading the internet networks feeding these servers. The knock-on effect of the attack was the disturbance to companies sharing the same Internet Service Provider’s congested feed services.
Getting the lights back on
Andy explained that IP-Max was brought in on the Friday evening to address the internet network problems and worked continuously with ProtonMail through until the early hours (3am) of Sunday morning to get things back online. With the added skills of another key Swiss player, Radware Ltd, which was used for DDoS mitigation (DDoS scrubbing facilities), the full solution was finally achieved. The datacenter’s technical equipment design was also upgraded to better handle any future threat.
All’s well that ends well
ProtonMail were proud to announce that no customer data was lost during the attack, with all information remaining secure and protected. Obviously, this is a very important factor for an encrypted services provider and shows the benefits of using encrypted products.
Announcing that ProtonMail were “very happy with the exceptional service provided by its two Swiss support companies”, Andy even recommended IP-Max as the best choice in Switzerland. It was suggested that it is quite normal for some operators to cut off any attacked customer, in order to keep the problems on their networks limited and to let the victim sort out their own problems. However, in this case, IP-Max covered the congested network issue and was seen as totally dedicated to solving its customer’s problems.
Event sponsors Fred Gargula and Greg Huet (joint owners of IP-Max SA) were very proud to have received such positive feedback. They openly voiced their appreciation for the recognition of their handling of a complex and difficult customer situation. As Fred explained, “we are experienced platform management experts. It’s what we do, and we have the skills ready to help any company looking to better handle network design issues that may threaten business continuity and security of data.”
Carriers Lunch website: www.carrierslunch.ch
IP-Max SA website: www.ip-max.net
ProtonMail website: www.protonmail.ch
Radware Ltd website: www.radware.com
For more information on DDoS attacks visit the Digital Attack Map website: http://www.digitalattackmap.com/understanding-ddos/
Photo credit: Alexas_Fotos via Pixabay, CC0 License