The UK National Crime Agency (NCA) has arrested 19-year-old George Duke-Cohan for his involvement in the ProtonMail DDoS attack. Known by several pseudonyms online including '7R1D3N7', ‘DoubleParalla' and ‘optcz1', the teen is believed to be a key member of Apophis Squad.
"Our security team began to investigate Apophis Squad almost immediately after the first attacks were launched. In this endeavor, we were assisted by a number of cybersecurity professionals who are also ProtonMail users," Andy Yen, CEO of ProtonMail, said in a blog post.
Despite the Apophis Squad boasting that federal authorities would not be able to find them, the cybercriminals actually followed very poor operational security. This allowed investigators to compromise some of the hacker group’s servers.
Further investigation revealed that in addition to launching attacks on ProtonMail, the threat group was also conducted attacks on other government agencies across numerous countries.
“By sifting through the clues, we soon discovered that some members of Apophis Squad were, in fact, ProtonMail users. This was soon confirmed by a number of law enforcement agencies that reached out to us. It seemed that in addition to attacking ProtonMail, Duke-Cohan and his accomplices were engaged in attacking government agencies in a number of countries,” said Yen.
The firm was able to reinstate the ProtonMail email and VPN services in no time due to the help from Radware, F5 Networks and their infrastructure team.
“Fortunately, due to the efforts of Radware, F5 Networks, and our infrastructure team, we were able to keep service disruptions to a minimum. However, the security, reliability, and reputation of Proton services are our highest priority, and we take all attacks against us extremely seriously. As part of our commitment to security, we will actively pursue all those who try to harm ProtonMail and bring them to justice,” explained Yen.
ProtonMail has vowed to prioritize the privacy and security of users. The firm said that it will continue to cooperate with law enforcement agencies to the fullest to prevent such cybercrimes.
“That’s why we will investigate to the fullest extent possible anyone who attacks ProtonMail or uses our platform for the crime. We will also cooperate with law enforcement agencies within the framework of Swiss law,” Yen said. “In recent weeks, we have further identified a number of other individuals engaged in attacks against ProtonMail, and we are working with the appropriate authorities to bring them to justice.”