Tutanota Encrypted Email Service Suffers DDoS Cyberattacks

Encrypted email service, Tutanota has experienced a series of DDoS attacks this week, first targeting the Tutanota website and further its DNS providers.

This had caused downtime for several hours for millions of Tutanota users.

The outage was further exacerbated by the fact that different DNS servers continued to cache the incorrect entries for the domain.

Tutanota is a German provider of end-to-end encrypted email service with over 2 million users. The company is frequently cited alongside popular encrypted email providers like ProtonMail.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

First DDoS Attack

DDoS attacks directly targeting Tutanota surfaced on the weekend before September 14th.

This incident caused issues for a few hundred users, but was remedied shortly by restricting an “overreacting IP-block” responsible for the attack.

“This weekend continuous DDoS attacks and an infrastructure issue led to [downtimes] for hundreds of users. While we were able to mitigate most of the DDoS, an overreacting IP-block to fight the attacks led to hundreds of users not being able to access Tutanota for multiple hours this Sunday,” stated Tutanota in a blog post.

The post further boasted of the many anti-DDoS measures and improvements the company has implemented which should make it quicker to remediate any future disruptions that may arise from DDoS attacks.  

“In general, despite the setback on Sunday, our DDoS mitigation has improved a lot. We are now able to mitigate most attacks within short times,” read the post.

Attackers Further Strike DNS Providers

Rather than focusing on bringing down Tutanota’s servers directly, the attackers decided to employ alternative means.

The second iteration of the DDoS attack hit the DNS provider which hosts records for Tutanota.

“As a result these providers went down. We quickly tried to update our DNS records and host them at another provider. This did not work initially because the DNS entries got locked at one of the DNS hosting providers,” states the company in another post.

The fact the DDoS attacks brought the DNS providers down made it challenging for the company to change DNS records midway. This left millions of users without access to their Tutanota accounts:

“Because we couldn’t change the DNS entries for our domain, Tutanota was inaccessible for millions of users around the world for most of Wednesday night.”

Also Read: MAS Technology Risk Management Guidelines

“Direct Attack” on our Freedom and Privacy

Tutanota’s co-founder Matthias Pfau told BleepingComputer, “This is a direct attack on our freedom and our right to privacy. With Tutanota we provide a secure communication tool to millions of users around the world, also to activists and journalists. These constant attacks against Tutanota seem to have only one aim: To stop citizens from using encrypted email.”

As soon as the circumstances permitted, Tutanota’s administrators were able to re-map the DNS entries for the domain to another DNS provider which could withstand the continued attacks.

The company confirmed that the service to their email service had been restored as of Thursday, September 17th at 7:30 CET.

Because of the intermittent outages, however, several emails sent to Tutanota’s users may have not been delivered and bounced back to the sender.

Tutanota reassured its users that no user data was compromised and that the end-to-end encrypted nature of the service makes it impossible for even the company to access the data.

“As we are improving our own DDoS mitigation system, the attackers seem to look for other targets to harm us”, says Pfau. “As we are a privacy-focused service, using a mitigation service that requires our SSL key for their service is not an option for us.”

“That’s the challenge of building a secure and privacy-respecting email service. But we’ll achieve this, just like we’ve managed to not use any Google services like Google push for our Android app.”