[HN Gopher] We are seeing continued DDoS attacks against our inf...
___________________________________________________________________
We are seeing continued DDoS attacks against our infrastructure
Author : katsura
Score : 121 points
Date : 2021-10-31 18:15 UTC (4 hours ago)
(HTM) web link (status.fastmail.com)
(TXT) w3m dump (status.fastmail.com)
| humps wrote:
| My first question was: "Why on earth would anyone target
| Fastmail?" And to answer my own question, it seems a lot of email
| providers are in the firing line at the moment -
| https://therecord.media/ddos-attacks-hit-multiple-email-prov...
| jmclnx wrote:
| Interesting, my email provider (not fastmail) was down this
| morning. First time it ever happened (or first time I noticed).
| It is up now.
| codegeek wrote:
| I could be wrong/naive but aren't most DDOS attackers using a
| bunch of cheap VMs on the cloud to create a distributed network
| to attack? Can these providers not do a better job of
| identifying the culprits and shutting them down? I doubt it is
| easy to create Distributed-DOS if access to cheap VMs is
| restricted.
| nicolaslem wrote:
| They don't use cloud providers, they use botnets of
| compromised computers/IoT devices.
| KoftaBob wrote:
| What's the most common malware those computers are infected
| with, and most common way they got infected to begin with?
| JackGreyhat wrote:
| My educated guess: The most common way to get infected is
| via email.
| miketery wrote:
| Most sophisticated ones use bots on residential devices, i.e.
| malware infected, or visiting a site with abusive code.
| [deleted]
| tyingq wrote:
| This bit is interesting:
|
| _"Victims were targeted with a DDoS attack, and an email was
| later sent to the organizations, asking for a 0.06 BTC
| (~$4,000) ransom demand."_
|
| Four thousand dollars. I guess they were trying to shoot low in
| hopes of a quick payment?
|
| Also, Runbox posted a copy of the ransom email:
| https://blog.runbox.com/2021/10/runbox-is-under-attack-by-ex...
| schleck8 wrote:
| "Bitcoin is not used for ransomware and other cyber crime,
| it's traceable" - some crypto fans on social media
| swiley wrote:
| There has been malware that gave people addresses to mail
| cash to.
| schleck8 wrote:
| The exception confirms the rule
| howdydoo wrote:
| Ransomware has been around since (at least) the 80s, long
| before bitcoin. https://www.knowbe4.com/aids-trojan
| NicoJuicy wrote:
| Completely ignoring that all of them now use Bitcoin as
| payment method.
|
| Bitcoin makes it easier.
| buildbot wrote:
| To be fair, you could trace these transactions, and any
| from the address that receives them. It seems much better
| to use Monero or something if you intend to be nefarious.
| This is probably just ill thought out.
|
| edit: not a crypto fan personally.
| liuliu wrote:
| Bitcoin is easier for anyone to pay. Afterwards, you can
| wash this with Monero or other networks.
| Toutouxc wrote:
| You have successfully proved that some crypto fans say
| things that are wrong.
| howdydoo wrote:
| Would you get rid of your iPhone if you found out criminals
| used Apple gift cards?
| hsbauauvhabzb wrote:
| That analogy doesn't even fit his question.
| sshine wrote:
| But would you download a car?
| pclmulqdq wrote:
| Usually, bitcoin is demanded because it's easy for a target
| to acquire, then it is swapped for Monero to wash it before
| cashing out.
| miohtama wrote:
| This is not true. Crooks do not bother with Monero or
| even hiding their traces.
|
| https://capitalgram.com/posts/how-to-money-launder-bitcoin/
|
| For example, the REvil author is known
|
| https://threatpost.com/revil-ransomware-core-member/175863/
|
| It is all about geopolitics, privateering and for Russia
| and China to see incompetent Western companies suffer.
| Waterluvian wrote:
| Test their response?
|
| Warm them up to the idea of capitulation?
| upofadown wrote:
| I don't understand how this works from the ransom email
| given. Anyone could send that email. Is it because it is the
| first email? Otherwise why doesn't absolutely everyone send
| their own bitcoin address to any entity that seems to be
| having some sort of problem?
| tyingq wrote:
| _"I will start 1-2 hours attack on your site."_
|
| So it's sent prior to the attack.
| willcipriano wrote:
| This week:
|
| "Give me $50 or I break the windows in this place!"
|
| Next week:
|
| "Give me $75 or I break the windows in this place!"
| jcborro wrote:
| It's becoming a pattern in the last few weeks. Fastmail manages
| my business email which is causing quite the annoyance.
|
| According to the article, this is targeting multiple "privacy
| and security-centric email services". What are the odds this is
| a coordinated attempt to drive folks to less secure, or bigger
| corporate services?
| creato wrote:
| Are there any small (i.e. vulnerable to DDoS) service
| providers that _aren't_ privacy and security centric?
| jjtheblunt wrote:
| school districts perhaps
| swiley wrote:
| I run my own mail and haven't seen any of this.
| KennyBlanken wrote:
| I can't think of any reason any intelligence agency in the
| world would want others using small, "privacy and security
| centric" (whatever that means? If your email is at any point
| unencrypted, it's not secure nor private) providers.
|
| Cloud email providers were a dream come true to the world's
| intelligence agencies and law enforcement.
| tpmx wrote:
| WFM, at least right now. Sending an email from gmail to fastmail
| took a bit longer (~25 seconds) than usual, but it got there. The
| web interface is fast.
| Icathian wrote:
| Can't access my website hosted there, and my notes synced using
| webdav pointed to files there also seem to be unavailable.
| Bummer.
|
| Can't really blame them, though, not much you can do with cannons
| pointed at you. I'm sure they'll be back up soon.
| tony101 wrote:
| ProtonMail managed to figure it out after the DDoS attack they
| faced 5 years ago:
|
| https://protonmail.com/support/knowledge-base/email-ddos-pro...
| marco1 wrote:
| Their response from a few days ago, including mentions of similar
| services affected, e.g. Mailbox.org and Posteo:
| https://fastmail.blog/company/fastmail-fights-off-ransom-cyb...
| 1cvmask wrote:
| DDoS attacks are oftentimes a cover for other cyberattacks. While
| IT teams are dealing with the DDoS attack, the main hack is going
| on silently in the background hidden by the "noise".
| fancy_pantser wrote:
| Do you have a source for how "oftentimes" in your assertion?
| 1cvmask wrote:
| Oftentimes as in the definition of frequently or in many
| instances. There are no stats of it being anywhere near a
| majority though. It is a classic subterfuge trick.
|
| Among the reasons cybercriminals love DDoS:
|
| 2) It gives them a convenient smokescreen. Cybercriminals
| like to create confusion - and they sometimes turn to DDoS
| attacks to distract and misdirect resource-deprived
| organizations from their primary goal: to pillage sensitive
| data. DDoS attacks are optimal subterfuge because they create
| noise and chaos that will attract the brunt of attention from
| your IT staff, leaving wide open the opportunity for your
| foes to simultaneously infiltrate your network and mask data
| exfiltration.
|
| 3) It can be the digital pretext to a physical attack.
| Sometimes a DDoS attack is merely a means to an end. Earlier
| this week our SpiderLabs team revealed a web-based
| vulnerability in a popular brand of printers that could
| result in denial-of-service attacks. Our researchers
| theorized that attackers could launch the printer attack and
| show up at the target organization pretending to be the
| "technician" called to fix the problem. This impersonation
| could net them direct physical access to IT resources that
| they might never have been able to access remotely.
| marco1 wrote:
| By the way, is the "yet" what is regarded as "editorialized"?
| There's hardly any "original title", apart from frequently
| changing status updates in the body.
|
| https://news.ycombinator.com/item?id=29058685
| prostanac wrote:
| I believe it was the "yet again", which implies that it is down
| frequently. Personally this is the first time I see it down,
| even though I heard that I had another incident recently.
| marco1 wrote:
| Thanks. It has indeed been down multiple times recently, both
| for active DDoS and for maintenance in response.
|
| A week ago, there was a post titled "Fastmail is having
| problems again", so today, "yet again" seemed adequate:
|
| https://news.ycombinator.com/item?id=28963609
| b1476 wrote:
| Oddly I'm still getting notifications for new mail but unable to
| download the content.
| katsura wrote:
| Same for me. I get notifications, but neither the mobile app
| nor the website works.
| melomac wrote:
| Fastmail is great at reacting and transparently informing users.
| This is something I'd love to see "normalized" so users could
| efficiently assess service providers reliability.
| dang wrote:
| Recent and related:
|
| _Fastmail, Runbox, and Posteo under DDoS extortion attack_ -
| https://news.ycombinator.com/item?id=28968046 - Oct 2021 (123
| comments)
|
| _Fastmail is having problems again_ -
| https://news.ycombinator.com/item?id=28963609 - Oct 2021 (132
| comments)
|
| _We're seeing an ongoing attack against our primary network
| provider_ - https://news.ycombinator.com/item?id=28952954 - Oct
| 2021 (87 comments)
| dboreham wrote:
| Fwiw every time there's been a "fastmail down" post here over the
| past few weeks, my mailbox has worked just fine.
| numbsafari wrote:
| Same here. Knock on wood...
|
| And, as a customer, I'll stand by their efforts not to
| capitulate.
| MichaelVangard wrote:
| "We are seeing continued DDoS attacks against our infrastructure
| and are working with our network provider on mitigation
| strategies. Our team are working hard to provide stability."
|
| https://www.fastmailstatus.com
| throwawaysea wrote:
| Related discussion from 9 days ago:
| https://news.ycombinator.com/item?id=28952954
| pyrophane wrote:
| I'm actually seeing the service coming back online for me now.
| Not ideal because I am actually doing some fairly urgent stuff
| over email this afternoon, but I am satisfied with the response
| from Fastmail. They acknowledged the issue quickly, and provided
| some specifics shortly after that. The total amount of time the
| service was unavailable for me was under 2 hours.
| ccvannorman wrote:
| Same story as last week. Who would want to destroy Fastmail? As a
| user this is extremely inconvenient.
| macintux wrote:
| Ransom, I'd assume. Thanks, Bitcoin, for making digital crime
| profitable.
| devmunchies wrote:
| It's a decentralized bounty system. If your company can't
| afford a reasonable bounty system, one will be provided for
| you.
| duckmysick wrote:
| How would a bounty system help with DDoS attacks?
| memeboop wrote:
| As a paying customer, this is starting to get irritating.
| Dumping them for another email provider doesn't seem like the
| right solution though, as this could happen to any provider. On
| the other hand, these are the situations that I am paying them
| for, to take care of for me, so that I don't have to administer
| my own email server.
| londons_explore wrote:
| Nobody is taking Google down with a DDoS anytime soon (at
| least not for any extended period).
| peakaboo wrote:
| There is nobody more evil on the internet than Google.
| Facebook comes close.
| naetius wrote:
| Which is probably one of the counter-arguments driving the
| global consolidation toward services owned by megacorps.
| This, in turn, contributes to the smaller/independent
| alternatives to become more prone to this sort of
| situations. And the cycle begins again.
| tony101 wrote:
| ProtonMail managed to figure it out after the DDoS attack
| they faced 5 years ago:
|
| https://protonmail.com/support/knowledge-base/email-ddos-pro...
| beermonster wrote:
| Google do read your email though, so think I'd rather
| suffer the short term availability issues IMHO
| ocdtrekkie wrote:
| On the tradeoff, I'd much rather suffer occasional DDOSes
| than sign a contract with the devil.
| mmcclimon wrote:
| For what it's worth: as a Fastmail employee, it's also
| extremely irritating for us!
| warpech wrote:
| Speaking as a happy customer for many years: Thank you and
| hold on!
| newsbinator wrote:
| Whenever I've needed support from Fastmail, I've received a
| well thought-out response from somebody who knows what
| they're talking about.
|
| It's not bottom of the barrel outsourced "customer service"
| designed to point people to FAQ articles. It's
| professionals who work as professionals.
|
| I'm sticking with Fastmail for now.
| mmcclimon wrote:
| Oh yeah, our support team is worth their weight in gold.
| They're all real people who know an awful lot of arcana
| about the nuts and bolts of email, and much more friendly
| and helpful than if I needed to talk to our customers on
| a regular basis!
|
| And in times like today, it's _so nice_ to be able to say
| "hey, $person_working_now, could you deal with
| fastmailstatus.com and Twitter please?" and the
| engineering staff don't even have to think about it!
| chrisseaton wrote:
| > Who would want to destroy Fastmail?
|
| People want money. Motivation is as old as time.
|
| > As a user this is extremely inconvenient.
|
| Lol well yes that's the aim!
| LeoPanthera wrote:
| Still getting mail over IMAP just fine here.
|
| Edit: Spoke too soon. Getting errors now.
| [deleted]
___________________________________________________________________
(page generated 2021-10-31 23:01 UTC)