72 comments

[ 3.4 ms ] story [ 132 ms ] thread
Oddly I’m still getting notifications for new mail but unable to download the content.
Same for me. I get notifications, but neither the mobile app not the website works.
"We are seeing continued DDoS attacks against our infrastructure and are working with our network provider on mitigation strategies. Our team are working hard to provide stability."

https://www.fastmailstatus.com

Same story as last week. Who would want to destroy Fastmail? As a user this is extremely inconvenient.
Ransom, I'd assume. Thanks, Bitcoin, for making digital crime profitable.
It’s a decentralized bounty system. If your company can’t afford a reasonable bounty system, one will be provided for you.
How would a bounty system help with DDoS attacks?
As a paying customer, this is starting to get irritating. Dumping them for another email provider doesn't seem like the right solution though, as this could happen to any provider. On the other hand, these are the situations that I am paying them for, to take care of for me, so that I don't have to administer my own email server.
Nobody is taking Google down with a DDoS anytime soon (at least not for any extended period).
On the tradeoff, I'd much rather suffer occasional DDOSes than sign a contract with the devil.
There is nobody more evil on the internet than Google. Facebook comes close.
Which is probably one of the counter-arguments driving the global consolidation toward services owned by megacorps. This, in turn, contributes to the smaller/independent alternatives to become more prone to this sort of situations. And the cycle begins again.
Google do read your email though, so think I’d rather suffer the short term availability issues IMHO
I wonder if a paying Google Workplace account still suffers from that. Do they read people’s pro accounts emails?
For what it's worth: as a Fastmail employee, it's also extremely irritating for us!
Speaking as a happy customer for many years: Thank you and hold on!
Whenever I've needed support from Fastmail, I've received a well thought-out response from somebody who knows what they're talking about.

It's not bottom of the barrel outsourced "customer service" designed to point people to FAQ articles. It's professionals who work as professionals.

I'm sticking with Fastmail for now.

Oh yeah, our support team is worth their weight in gold. They're all real people who know an awful lot of arcana about the nuts and bolts of email, and much more friendly and helpful than if I needed to talk to our customers on a regular basis!

And in times like today, it's so nice to be able to say "hey, $person_working_now, could you deal with fastmailstatus.com and Twitter please?" and the engineering staff don't even have to think about it!

> Who would want to destroy Fastmail?

People want money. Motivation is as old as time.

> As a user this is extremely inconvenient.

Lol well yes that’s the aim!

Still getting mail over IMAP just fine here.

Edit: Spoke too soon. Getting errors now.

(comment deleted)
My first question was: "Why on earth would anyone target Fastmail?" And to answer my own question, it seems a lot of email providers are in the firing line at the moment - https://therecord.media/ddos-attacks-hit-multiple-email-prov...
(comment deleted)
This bit is interesting:

"Victims were targeted with a DDoS attack, and an email was later sent to the organizations, asking for a 0.06 BTC (~$4,000) ransom demand."

Four thousand dollars. I guess they were trying to shoot low in hopes of a quick payment?

Also, Runbox posted a copy of the ransom email: https://blog.runbox.com/2021/10/runbox-is-under-attack-by-ex...

Test their response?

Warm them up to the idea of capitulation?

This week:

"Give me $50 or I break the windows in this place!"

Next week:

"Give me $75 or I break the windows in this place!"

"Bitcoin is not used for ransomware and other cyber crime, it's traceable" - some crypto fans on social media
To be fair, you could trace these transactions, and any from the address that receives them. It seems much better to use Monero or something if you intend to be nefarious. This is probably just ill thought out.

edit: not a crypto fan personally.

Bitcoin is easier for anyone to pay. Afterwards, you can wash this with Monero or other networks.
You have successfully proved that some crypto fans say things that are wrong.
There has been malware that gave people addresses to mail cash to.
The exception confirms the rule
This expression makes my skin crawl everytime. It simply makes no sense.

(nothing personal, plenty of people use it but it is so illogical that it wild be unethical not to protest)

Usually, bitcoin is demanded because it's easy for a target to acquire, then it is swapped for Monero to wash it before cashing out.
Would you get rid of your iPhone if you found out criminals used Apple gift cards?
That analogy doesn’t even fit his question.
But would you download a car?
I'm going to need a bigger printer, but yeah, I would.
I don't understand how this works from the ransom email given. Anyone could send that email. It is because it is the first email? Otherwise why doesn't absolutely everyone send their own bitcoin address to any entity that seems to be having some sort of problem?
"I will start 1-2 hours attack on your site."

So it's sent prior to the attack.

It's becoming a pattern in the last few weeks. Fastmail manages my business email which is causing quite the annoyance.

According to the article, this is targeting multiple "privacy and security-centric email services". What are the odds this is a coordinated attempt to drive folks to less secure, or bigger corporate services?

Are there any small (i.e. vulnerable to DDoS) service providers that aren't privacy and security centric?
I run my own mail and haven't seen any of this.
I can't think of any reason any intelligence agency in the world would want others using small, "privacy and security centric" (whatever that means? If your email is at any point unencrypted, it's not secure nor private) providers.

Cloud email providers were a dream come true to the world's intelligence agencies and law enforcement.

Interesting, my email provider (not fastmail) was down this morning. First time it ever happened (or first time I noticed). It is up now.
I could be wrong/naive but aren't most DDOS attackers using a bunch of cheap VMs on the cloud to create a distributed network to attack ? Can these providers not do a better job of identifying the culprits and shutting them down ? I doubt it is easy to create Distributed-DOS if access to cheap VMs are restricted.
They don't use cloud providers, they use botnets of compromised computers/IoT devices.
What's the most common malware those computers are infected with, and most common way they got infected to begin with?
My educated guess: The most common way to get infected is via email.
IoT devices get infected because they usually use common software stacks that go un patched. There's crawlers always doing their thing and looking to pop these.
Most sophisticated ones uses bots on residential devices. Ie malware infected, or visiting a site with abusive code.
Can't access my website hosted there, and my notes synced using webdav pointed to files there also seem to be unavailable. Bummer.

Can't really blame them, though, not much you can do with cannons pointed at you. I'm sure they'll be back up soon.

By the way, is the “yet” what is regarded as “editorialized”? There’s hardly any “original title”, apart from frequently changing status updates in the body.

https://news.ycombinator.com/item?id=29058685

I believe it was the “yet again”, which implies that it is down frequently. Personally this is the first time I see it down, even though I heard that I had another incident recently.
Thanks. It has indeed been down multiple times recently, both for active DDoS and for maintenance in response.

A week ago, there was a post titled “Fastmail is having problems again”, so today, “yet again” seemed adequate:

https://news.ycombinator.com/item?id=28963609

Fwiw every time there's been a "fastmail down" post here over the past few weeks, my mailbox has worked just fine.
Same here. Knock on wood…

And, as a customer, I’ll stand by their efforts not to capitulate.

I'm actually seeing the service coming back online for me now. Not ideal because I am actually doing some fairly urgent stuff over email this afternoon, but I am satisfied with the response from Fastmail. They acknowledge the issue quickly, and provided some specifics shortly after that. The total amount of time the service was unavailable for me was under 2 hours.
WFM, at least right now. Sending an email from gmail to fastmail took a bit longer (~25 seconds) than usual, but it got there. The web interface is fast.
Fastmail is great at reacting and transparently informing users. This is something I'd love to see "normalized" so users could efficiently assess service providers reliability.
DDoS attacks are oftentimes a cover for other cyberattacks. While IT teams are dealing with the DDoS attack, the main hack is going on silently in the background hidden by the "noise".
Do you have a source for how "oftentimes" in your assertion?
Oftentimes as in the definition of frequently or in many instances. There are no stats of it being anywhere near a majority though. It is a classic subterfuge trick.

Among the reasons cybercriminals love DDoS:

2) It gives them a convenient smokescreen. Cybercriminals like to create confusion - and they sometimes turn to DDoS attacks to distract and misdirect resource-deprived organizations from their primary goal: to pillage sensitive data. DDoS attacks are optimal subterfuge because they create noise and chaos that will attract the brunt of attention from your IT staff, leaving wide open the opportunity for your foes to simultaneously infiltrate your network and mask data exfiltration.

3) It can be the digital pretext to a physical attack. Sometimes a DDoS attack is merely a means to an end. Earlier this week our SpiderLabs team revealed a web-based vulnerability in a popular brand of printers that could result in denial-of-service attacks. Our researchers theorized that attackers could launch the printer attack and show up at the target organization pretending to be the "technician" called to fix the problem. This impersonation could net them direct physical access to IT resources that they might never have been able to access remotely.