Apophis Squad member responsible for attacks against Proton Mail has been arrested

Andy Yen

Share this page

UPDATE Dec. 3, 2020: A second member of the Apophis Squad, Timothy Dalton Vaughan, pleaded guilty in US federal court to sending bomb threats to thousands of schools in the UK and US, launching numerous distributed denial-of-service attacks and for possessing sexually explicit images of minors. Vaughan, who used several aliases, including “WantedbyFeds,” “Hacker_R_US,” and HDGZero,” received a sentence of eight years in federal prison. As an individual who used Proton Mail to commit a crime, we have devoted resources to bring Vaughan to justice and cooperated with law enforcement as required by Swiss law.

Earlier this week, the British National Crime Agency announced the arrest of George Duke-Cohan, also known by his aliases “7R1D3N7,” “DoubleParallax,” and, more recently, “optcz1.” At Proton Mail, we unfortunately have to face off against cyberattacks on a daily basis. Over the course of this summer, no fewer than five separate groups have been conducting attacks against Proton Mail. Duke-Cohan was a key member of Apophis Squad, a criminal group which was involved in cyberattacks against Proton Mail.

Fortunately, due to the efforts of Radware, F5 Networks, and our infrastructure team, we were able to keep service disruptions to a minimum(new window). However, the security, reliability, and reputation of Proton services are our highest priority, and we take all attacks against us extremely seriously. As part of our commitment to security, we will actively pursue all those who try to harm Proton Mail and bring them to justice. To fulfill this commitment, we are willing to commit all necessary financial, legal, and technical resources.

Our security team began to investigate Apophis Squad almost immediately after the first attacks were launched. In this endeavor, we were assisted by a number of cybersecurity professionals who are also Proton Mail users. It turns out that despite claims by Apophis Squad that federal authorities would never be able to find them, they themselves did not practice very good operational security. In fact, some of their own servers were breached and exposed online.

By sifting through the clues, we soon discovered that some members of Apophis Squad were in fact Proton Mail users. This was soon confirmed by a number of law enforcement agencies that reached out to us. It seemed that in addition to attacking Proton Mail, Duke-Cohan and his accomplices were engaged in attacking government agencies in a number of countries. Predictably, this triggered law enforcement agencies to make MLAT requests asking us to render assistance to the extent that is possible(new window) given Proton Mail’s encryption.

What we found, combined with intelligence provided by renowned cyber security journalist Brian Krebs(new window), allowed us to conclusively identify Duke-Cohan as a member of Apophis Squad in the first week of August, and we promptly informed law enforcement. British police did not move to immediately arrest Duke-Cohan however, and we believe there were good reasons for that. Unfortunately, this meant that through much of August, Proton Mail remained under attack, but due to the efforts of Radware, Proton Mail users saw no impact.

It, however, also led to a very unfortunate incident involving United Airlines Flight 949. On Aug. 9, Duke-Cohan posed as the father of a distressed airline passenger, claiming that a London to San Francisco flight had been hijacked and that there was a bomb on the plane. Upon arrival in San Francisco, the plane was quarantined and extensively searched. This, combined with the fact that Apophis Squad had threatened to send bomb threats to UK schools when school started again in September, made it necessary for British police to take action.

On Aug. 31, officers from the British National Crime Agency (NCA) arrested Duke-Cohan outside of London. On Monday, he pleaded guilty in a UK court to three counts of making bomb threats to schools and airlines. We believe further charges are pending, along with possible extradition to the US.

Our mission is to bring privacy, security, and freedom of information to citizens around the world. However, this does not extend to protecting individuals who are engaged in criminal activities. That’s why we will investigate to the fullest extent possible anyone who attacks Proton Mail or uses our platform for crime. We will also cooperate with law enforcement agencies within the framework of Swiss law.

In recent weeks, we have further identified a number of other individuals engaged in attacks against Proton Mail, and we are working with the appropriate authorities to bring them to justice. We believe this work is absolutely essential to make the world safer for the rest of us.

Thank you for your continued support as we fight for what is right.

Protect your privacy with Proton
Get a free account

Share this page

Andy Yen

Andy is the founder and CEO of Proton. He is a long-time advocate for privacy rights and has spoken at TED, Web Summit, and the United Nations about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in particle physics from Harvard University.

Related articles

The first month of 2023 has brought brutal layoffs from Big Tech, a potential ban of TikTok in the US, and another Twitter breach. But the biggest development of this new year has to be the ascent of ChatGPT.  The chatbot can produce remarkably huma
Hackers were able to steal account details from over 200 million Twitter users and posted the database on a hacking forum in early January 2023. These details include users’ email addresses and Twitter handles, allowing people to potentially identify
From your online shopping receipts to financial statements, your emails contain a great deal of sensitive information about your life, interests, and daily schedule. If you’re concerned about your online privacy, it’s therefore vital to keep your inb
At Proton, we’re committed to building privacy-focused products that are convenient to use and improve your productivity. Last year, we released the new mobile apps for Proton Calendar and Proton Drive, letting you manage your schedule and upload imp
Most email services aren’t secure and limit attachment file sizes, but there are ways to send large files securely. If you’ve ever tried attaching multiple images or video files to an email, you’ll know that it doesn’t always work. We explain ways t
Email wasn’t initially designed to be secure. From spam and phishing attempts to malware, unethical marketers and cybercriminals try to undermine the security and privacy of your inbox every day. Since your inbox stores plenty of sensitive informatio