ProtonMail, the Geneva-based encrypted email service that was developed by CERN scientists, was taken off line on Tuesday 3 November by what the company describes as an “extrememly powerful DDoS attack”.
At time of writing the service was still offline.
Writing in a blog, CEO Andy Yen says:
“The attackers began by flooding our IP addresses. That quickly expanded to the data centre in Switzerland where we have our servers. In the process of attacking us, several other tech companies and even some banks were knocked offline temporarily.”
Yen continues: “Despite our best efforts, we have been unable to stop the attack but we are working non-stop to get back online.”
ProtonMail is one of a number of “zero-knowledge”, end-to-end encrypted email services that have sprung up in Switzerland and Germany in the wake of the Snowden revelations
Its website makes the point that its servers are heavily protected and isolated.
“We have invested heavily in owning and controlling our own server hardware at several locations within Switzerland so your data never goes to the cloud,” says the company’s website.
“Our primary data centre is located under 1,000 meters of granite rock in a heavily guarded bunker which can survive a nuclear attack,” it continues.
One thousand metres of granite is no protection against a concerted internet-based attack, however, but Yen assures users their data is safe.
“Even though access is limited, an important thing to note is that our core end-to-end encryption holds strong and is 100 per cent untouched. All user data is fine and safe,” he says in the blog.
It is not known where the DDoS [distributed denial of service] attack originated from. The company advises users to turn to its Twitter account @ProtonMail for updates.
Recent Computing research found that 40 percent of IT professionals are now using encrypted email services.
Join us in London for our Enterprise Security & Risk Management Summit on 26 November. Registration is free for most delegates.