Industry News

ProtonMail and StartMail blocked as Russia hunts for bomb threat spammers

ProtonMail and StartMail blocked as Russia hunts for bomb threat spammers

Protonmail is the second encrypted email provider in the last week to find itself blocked from its Russian users, after authorities in the country said bomb threats had been spammed out claiming that bombs had been planted in public places.

Telecoms watchdog Roskomnadzor has confirmed that Protonmail, like the Dutch encrypted email service StartMail, has been blocked in Russia at the orders of the country’s intelligence agency, the FSB.

Protonmail’s VPN stablemate, ProtonVPN, was also impacted by the block the Russian government placed on the Geneva-based outfit’s services.

The action was spurred by a wave of bomb threats, sent via email, that have targeted schools, universities, healthcare facilities, shopping malls and other public places in Russia since late November 2019.

According to Roskomnadzor, the bogus emails are responsible for “creating a real threat of mass disturbance of public order and causing great concern among citizens and public outcry.”

The Russian authorities claim that by blocking access to the encrypted email services they might be able to reduce the scale of the problem.

In a statement the watchdog said that it was “confident that the owners of this resource are respectable citizens and have nothing to do with these malicious actions of extremists.”

Inevitably there have been concerns raised that Russia is putting pressure on the encrypted email services, which pride themselves on storing the least possible information (if any) about their users, and – due to the use of end-to-end email encryption – their inability to read encrypted messages or share them with third-parties.

In a blog post, StartMail emphasised that it has “not provided any information about StartMail users to the Russian authorities,” and “will never cooperate with any voluntary surveillance programs.”

The Dutch firm points out that making fake terror threats is illegal in the Netherlands, and that it is against its terms of service to use StartMail for any criminal purposes.

In a nutshell, StartMail says that if Russia wants the offending accounts shut down it should follow the appropriate process rather than block the entire service from its many legitimate users:

“If the Russian government brings a criminal matter (such as fake bomb threats) with proper evidence to the Dutch Authorities for Legal Assistance and/or to StartMail’s internal abuse team, StartMail will investigate and take action against the accounts in question if necessary. However, the Russian government has not contacted us on this matter.”

Instructions have been provided by ProtonMail on how Russian users can continue to access their email service via Tor, as well as a way of reconfiguring their VPN.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.