11 November 2015

ProtonMail Allegedly Proxied by Israeli Firm with IDF Links

A sends:

ProtonMail is/was under large-scale DDoS attack, with bold and resourced attackers unafraid to cause collateral damage to provider infrastructure. ProtonMail said the likely attacker is/was a nation-state. ProtonMail subsequently announced they received support to filter the attack, rescuing the service. Let us examine the final 5 traceroute hops to ProtonMail:

6. be2115.agr21.fra03.atlas.cogentco.com
7. 149.6.141.150
8. 10.1.100.3
9. ???
10. 185.70.40.182

Hop 7 is "Internet Binat" based in Israel.

%rwhois V-1.5:0010b0:00 rwhois.cogentco.com (CGNT rwhoisd 0.0.0)

network:ID:NET4-95068D941E
network:Network-Name:NET4-95068D941E
network:IP-Network:149.6.141.148/30
network:Org-Name:Internet Binat
network:Street-Address:Habarzel 27 Tel Aviv Or Building A 69710 Israel
network:City:tel aviv
network:Country:IL
network:Tech-Contact:ZC108-ARIN
network:Updated:2015-07-08 17:07:25

Internet Binat is synonymous with "Bynet Data Communications" which built the Israeli Defense Forces "cloud" server farm, and the IDF Intelligence Corps "technology campus" in the Negev, in deals brokered by Lockheed Martin.

http://www.israeldefense.co.il/en/content/defense-sector-will-switch-cloud-computing-nevertheless

http://www.globes.co.il/en/article-1000849860

Binat and Bynet spell their names identically (vet-yud-nun-tuff) in Hebrew, share the same Habarzel 27 address, and are linked by Binat CEO Shmulik Haber.

https://il.linkedin.com/in/shmulik-haber-9871a94

Likely the DDoS attack on ProtonMail was orchestrated to follow with an offer of generous "help" it could not refuse, necessarily a re-route of all traffic through third-party "anti-DDoS" systems. Now the "Switzerland" based privacy firm is proxied by an Israeli firm for traffic analysis, network exploitation of users, cryptographic monkeying. Israeli expertise in the latter is unmatched. Classic gov-mil cyber op with great PR happy ending for exploited asset. Users of ProtonMail must not fret; they got lucky with this fumble. Don't trust this security faker; don't trust the next one.
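The hop-to-record matching done by hand in the post, as an added example that is not part of the original submission: it parses the rwhois record quoted above and labels each of the five hops by what the quoted data can actually establish about it. The function names `parse_rwhois` and `classify_hop` and the label strings are assumptions made for this example; the hop list and record text are copied from the post.

```python
import ipaddress
import re

# Hops and rwhois record copied from the post ("???" means no reply).
HOPS = {6: "be2115.agr21.fra03.atlas.cogentco.com", 7: "149.6.141.150",
        8: "10.1.100.3", 9: "???", 10: "185.70.40.182"}
RWHOIS = ("network:ID:NET4-95068D941E network:Network-Name:NET4-95068D941E "
          "network:IP-Network:149.6.141.148/30 network:Org-Name:Internet Binat "
          "network:Street-Address:Habarzel 27 Tel Aviv Or Building A 69710 Israel "
          "network:City:tel aviv network:Country:IL "
          "network:Tech-Contact:ZC108-ARIN network:Updated:2015-07-08 17:07:25")


def parse_rwhois(text):
    """Split a flattened 'network:Key:Value' rwhois record into a dict."""
    fields = {}
    for chunk in re.split(r"\s*network:", text):
        key, sep, value = chunk.partition(":")  # first colon only, keeps times intact
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def classify_hop(hop, record):
    """Label a hop by what the rwhois record can (and cannot) say about it."""
    try:
        addr = ipaddress.ip_address(hop)
    except ValueError:
        return "no-reply" if hop == "???" else "hostname"
    if addr.is_private:
        # Private space is reused by every operator; whois cannot attribute it.
        return "private"
    if addr in ipaddress.ip_network(record["IP-Network"]):
        return "assigned:" + record["Org-Name"]
    return "not-covered-by-record"


if __name__ == "__main__":
    record = parse_rwhois(RWHOIS)
    for n, hop in sorted(HOPS.items()):
        print(n, hop, classify_hop(hop, record))
```

Only hop 7 falls inside the quoted /30, a four-address block of the kind used for a point-to-point link; hops 8 to 10 would each need their own lookup.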