Comment by eric-hu
10 years ago
This is a risk the datacenter exposes their customers to by nature of how they operate. It's a major selling point to me that AWS employs some more sophisticated countermeasures to attacks like these. If their typical response to ransom requests was "you need to consider how you're impacting our business", I would take my business elsewhere.
> I would take my business elsewhere.
Great in theory, but surely nobody "elsewhere" will host you securely if hosting you means all their other customers get hosed.
"the attack against ProtonMail can be divided into two stages. The first stage is the volumetric attack which was targeting just our IP addresses. The second stage is the more complex attack which targeted weak points in the infrastructure of our ISPs. This second phase has not been observed in any other recent attacks on Swiss companies and was technically much more sophisticated. This means that ProtonMail is likely under attack by two separate groups, with the second attackers exhibiting capabilities more commonly possessed by state-sponsored actors. It also shows that the second attackers were not afraid of causing massive collateral damage in order to get at us."
Protonmail could just be talking this up, but if your ISP's (or AWS's) fancy countermeasures don't deal with this, why would they keep you? And why would any other ISP want or accept your business?
The problem with ProtonMail is that their business model and brand are based on being domiciled in Switzerland and operating under Swiss law. Their datacenter threatened them if they didn't pay the attackers and no other datacenter in Switzerland was willing to take them. They tweeted out for help finding one after everyone with sufficient bandwidth to withstand the attacks rejected them: https://twitter.com/ProtonMail/status/662212032368889856 Eventually, one came forward. But, the ransom had already been paid at that point.
> It's a major selling point to me that AWS employs some more sophisticated countermeasures to attacks like these.
There are very good clean pipe services available; the major limitation is that the clean pipe provider must have enough capacity to absorb any attack... something that can be quite difficult unless you are someone like L3.
However, the good clean pipe services are all very expensive. (I don't mean the "http only" service like cloudflare; that is a very different sort of thing.) - this is because of that aforementioned limitation; you need a lot of headroom in your bandwidth to run a clean pipe service.
But yeah, amazon charges a lot more for bandwidth than you'd expect to pay direct from a transit provider at small-ISP scale, so I would hope that they have enough capacity and technology to filter fairly large attacks.