11 November 2015
ProtonMail Allegedly Proxied by Israeli Firm with IDF Links
ProtonMail is/was under large scale DDoS attack, with bold and resourced
attackers unafraid to cause collateral damage to provider infrastructure.
ProtonMail said likely attacker is/was nation-state. ProtonMail subsequently
announced they received support to filter the attack, rescuing the service.
Let us examine final 5 traceroute hops to ProtonMail:
Hop 7 is "Internet Binat" based in Israel.
%rwhois V-1.5:0010b0:00 rwhois.cogentco.com (CGNT rwhoisd 0.0.0)
network:Street-Address:Habarzel 27 Tel Aviv Or Building A 69710 Israel
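A check a reader could run against a saved RWhois reply like the one quoted above: parse the reply and find which registered network covers a traceroute hop. This is an added example, not from the original post; the prefixes, the second record and the hop addresses are constructed, and the `IP-Network` attribute name is assumed to be present in the reply.

```python
import ipaddress
import re

# Banner and first Street-Address are quoted from the page; all else is constructed.
SAMPLE_REPLY = """\
%rwhois V-1.5:0010b0:00 rwhois.cogentco.com (CGNT rwhoisd 0.0.0)
network:IP-Network:192.0.2.0/24
network:Street-Address:Habarzel 27 Tel Aviv Or Building A 69710 Israel

network:IP-Network:198.51.100.0/24
network:Street-Address:1 Example Street (constructed)
%ok
"""

BANNER = re.compile(
    r"^%rwhois\s+(V-[\d.]+)(?::([0-9a-fA-F]+):([0-9a-fA-F]+))?\s+(\S+)(?:\s+\((.*)\))?$")

def parse_rwhois(text):
    """Split a raw RWhois reply into (banner, records, status)."""
    banner, records, current, status = {}, [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:                        # a blank line ends the current record
            records.append(current)
            current = {}
        elif line.startswith("%"):          # server directive, not record data
            m = BANNER.match(line)
            if m:
                banner = dict(zip(("version", "capabilities", "extended",
                                   "host", "implementation"), m.groups()))
            elif line.startswith(("%ok", "%error")):
                status = line[1:]
        else:
            parts = line.split(":", 2)      # class:attribute:value, value may hold ':'
            if len(parts) == 3:
                current.setdefault(parts[1], []).append(parts[2])
    records.append(current)
    return banner, [r for r in records if r], status

def covering_record(records, hop_ip):
    """Return the first record whose IP-Network contains hop_ip, or None."""
    ip = ipaddress.ip_address(hop_ip)
    for rec in records:
        for prefix in rec.get("IP-Network", []):
            try:
                if ip in ipaddress.ip_network(prefix, strict=False):
                    return rec
            except ValueError:
                continue                    # malformed prefix in the reply
    return None
```

A registration record shows who the address block is assigned to; it does not by itself show what that network does with traffic passing through it.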
Internet Binat is synonymous with
Communications" which built the Israeli Defense Forces "cloud" server
farm, and the IDF Intelligence Corps "technology campus" in the Negev, in
deals brokered by Lockheed Martin.
Binat and Bynet
spell their names identically (vet-yud-nun-tuff) in Hebrew, share the same
Habarzel 27 address, and are linked by Binat CEO Shmulik Haber.
Likely the DDoS attack on ProtonMail was orchestrated to follow with an offer
of generous "help" it could not refuse, necessarily a re-route of all traffic
through third-party "anti-DDoS" systems. Now the "Switzerland" based privacy
firm is proxied by an Israeli firm for traffic analysis, network exploitation
of users, cryptographic monkeying. Israeli expertise in the latter is unmatched.
Classic gov-mil cyber op with great PR happy ending for exploited asset.
Users of ProtonMail must not fret; they got lucky with this fumble. Don't
trust this security faker; don't trust the next one.