Security Experts:

Connect with us

Hi, what are you looking for?



U.K. Teen Involved in ProtonMail DDoS Attack Arrested

ProtonMail has helped law enforcement identify one of the members of the Apophis Squad, a group that has made bomb threats and launched distributed denial-of-service (DDoS) attacks against many organizations.

ProtonMail has helped law enforcement identify one of the members of the Apophis Squad, a group that has made bomb threats and launched distributed denial-of-service (DDoS) attacks against many organizations.

The U.K. National Crime Agency (NCA) announced this week that a 19-year-old from Hertfordshire was arrested on August 31. The teen, George Duke-Cohan, remains in custody after he pleaded guilty to three counts of making hoax bomb threats.

Duke-Cohan is said to be the leader of Apophis Squad, which has sent bomb threats to thousands of schools in the United Kingdom and the United States. The NCA says the teenager, known online as “7R1D3N7,” “DoubleParallax” and “optcz1,” has also admitted making a prank call claiming that a United Airlines flight traveling from the U.K. to San Francisco had been hijacked by gunmen, including one carrying a bomb.

While the charges in the U.K. focus on the hoax bomb threats, Apophis Squad is also known for launching DDoS attacks against encrypted email provider ProtonMail, cybersecurity journalist Brian Krebs, the DEF CON hacking conference, and government agencies in several countries. Its attacks and DDoS-for-hire services have apparently been inspired by the notorious Lizard Squad, whose members were also identified and charged by authorities.

ProtonMail reported in late June that it had been hit by a significant DDoS attack that caused some delays in the delivery of emails. The organization initially said a group linked to Russia had been behind the attack – Apophis Squad’s Twitter account claims the group is from Russia – but Radware, which helped ProtonMail mitigate the attack, later clarified that the attackers were actually based in the U.K.

In a blog post published on Thursday, ProtonMail Founder Andy Yen revealed that his organization helped authorities identify Duke-Cohan and other members of his group after learning that they had all been using ProtonMail.

It turns out that while Duke-Cohan and others claimed law enforcement would never be able to find them, they actually had poor operational security (opsec) practices and they even allowed their own servers to be breached.

Evidence collected from its own systems by ProtonMail and information from Brian Krebs helped identify Duke-Cohan as a member of Apophis Squad in the first week of August. However, British police only arrested him in late August after he threatened to make more bomb threats once school started in September.

The Twitter account used by Apophis Squad has not been active since August 31.

“We believe further charges are pending, along with possible extradition to the US,” Yen said.

ProtonMail aims to protect the privacy of its users, but warned that it does not protect individuals involved in criminal activities.

“That’s why we will investigate to the fullest extent possible anyone who attacks ProtonMail or uses our platform for crime. We will also cooperate with law enforcement agencies within the framework of Swiss law,” Yen said. “In recent weeks, we have further identified a number of other individuals engaged in attacks against ProtonMail, and we are working with the appropriate authorities to bring them to justice.”

Related: Dozens of Teens Arrested Over DDoS Attacks

Related: Alleged Operators of DDoS Service Arrested in Israel

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...