Pierluigi Paganini September 07, 2018

UK NCA arrested a member of the Apophis Squad hacker group that launched distributed denial-of-service (DDoS) attacks against many organizations, including ProtonMail.

The U.K. National Crime Agency (NCA) announced the arrest of the 19-year-old George Duke-Cohan from Hertfordshire that was involved in the ProtonMail DDoS attack.

The teenager, aka “7R1D3N7,” “DoubleParallax” and “optcz1,”was arrested on August 31 and is still in custody after he pleaded guilty to three counts of making hoax bomb threats.

According to the investigator, the young man is the leader of the Apophis Squad, which is the hacking group that sent bomb threats to thousands of schools in the United Kingdom and the United States.

The group is also known for launching massive DDoS attacks against encrypted email provider ProtonMail, the popular investigator Brian Krebs, the DEF CON hacking conference, and government agencies worldwide.

The team was offering a DDoS-for-hire service that has many similarities with the booter implemented by the popular Lizard Squad hacking crew.

“Yesterday at Luton Magistrates Court, George Duke-Cohan, 19, pleaded guilty to three counts of making hoax bomb threats following an investigation by the National crime Agency.
Duke-Cohan sent the bomb threats that resulted in over 400 schools in the UK being evacuated in March 2018 for which he was arrested just days later.” reads the announcement published by the NCA.

“In April whilst under investigation, he sent a mass email to schools in the UK and the US claiming that pipe bombs had been planted on the premises.”

He has admitted making bomb threats to thousands of schools and a United Airlines flight travelling from the UK to San Francisco in August.

The NCA says the teenager, known online as “7R1D3N7,” “DoubleParallax” and “optcz1,” has also admitted making a prank call claiming that a United Airlines flight traveling from the U.K. to San Francisco had been hijacked by gunmen, including one carrying a bomb.

ProtonMail was hit by a massive DDoS attack in June that caused some delays to the operations of the company, the offensive was mitigated with the help of the security firm Radware.

ProtonMail Founder Andy Yen confirmed that his company helped law enforcement for identifying Duke-Cohan and other members of the group that were all ironically using the ProtonMail service.

Brian Krebs also provided precious information that helped the NCA in identifying the teenager in earlier August.

“What we found, combined with intelligence provided by renowned cyber security journalist Brian Krebs, allowed us to conclusively identify Duke-Cohan as a member of Apophis Squad in the first week of August, and we promptly informed law enforcement,” Protonmail wrote in a blog post.

“British police did not move to immediately arrest Duke-Cohan however, and we believe there were good reasons for that. Unfortunately, this meant that through much of August, ProtonMail remained under attack, but due to the efforts of Radware, ProtonMail users saw no impact.”

ProtonMail CEO believes further charges are pending, along with possible extradition to the US.

ProtonMail highlighted that it is committed to protecting the privacy of its users, but he will not accept that its service could be abused by cybercriminals.

“That’s why we will investigate to the fullest extent possible anyone who attacks ProtonMail or uses our platform for crime. We will also cooperate with law enforcement agencies within the framework of Swiss law,” warned ProtonMail.

“In recent weeks, we have further identified a number of other individuals engaged in attacks against ProtonMail, and we are working with the appropriate authorities to bring them to justice.”

Pierluigi Paganini

(Security Affairs –  Apophis Squad, ProtonMail DDoS)

[adrotate banner=”5″]

[adrotate banner=”13″]