British teenage hacker arrested over hoax bomb threats and DDoS attack on ProtonMail
George Duke-Cohan was apparently recruited by criminal group Apophis Squad through playing Minecraft
A 19-year-old member of the hacking group Apophis Squad was arrested by UK police last week. George Duke-Cohan from Watford, who uses the aliases '7R1D3N7', ‘DoubleParalla' and ‘optcz1', was identified after the criminal group launched a series of DDoS attacks on Swiss-based encrypted email and VPN provider ProtonMail in June.
Writing in the ProtonMail blog, CEO Andy Yen said that a team of security researchers had assisted the firm in investigating those responsible for the attacks.
"Our security team began to investigate Apophis Squad almost immediately after the first attacks were launched. In this endeavour, we were assisted by a number of cybersecurity professionals who are also ProtonMail users. It turns out that despite claims by Apophis Squad that federal authorities would never be able to find them, they themselves did not practice very good operational security. In fact, some of their own servers were breached and exposed online."
Yen did not go into details about how Duke-Cohan was ‘conclusively' identified, save to say that "intelligence provided by a trusted source" played a part.
The group attacked ProtonMail in June, apparently on a whim, but the attacks intensified after CTO Bart Butler responded to a tweet from the group, saying "we're back you clowns". Apophis Squad also attacked Tutanota, another encrypted email provider.
Users of ProtonMail email and VPN services saw them briefly disrupted, but "due to the efforts of Radware, F5 Networks, and our infrastructure team, we were able keep service disruptions to a minimum," Yen said.
As a member of Apophis Squad, Duke-Cohan was also involved in making hoax bomb threats to schools and colleges and airlines which saw 400 educational facilities in the UK and USA evacuated and a United Airlines flight grounded in San Francisco in March. He pleaded guilty in Luton Magistrates Court to three counts of making bomb threats and is due to appear before Luton Crown Court on September 21 to face further charges. He also faces possible extradition to the US.
Marc Horsfall, senior investigating officer at the National Crime Agency said: "George Duke-Cohan made a series of bomb threats that caused serious worry and inconvenience to thousands of people, not least an international airline. He carried out these threats hidden behind a computer screen for his own enjoyment, with no consideration for the effect he was having on others."
Duke-Cohan's parents have said he was "groomed" by "serious people" online through playing the game Minecraft. Apophis Squad is thought to be based in Russia.
ProtonMail's Yen said other attackers have also been identified and the authorities notified.
"We will investigate to the fullest extent possible anyone who attacks ProtonMail or uses our platform for crime. We will also cooperate with law enforcement agencies within the framework of Swiss law," he said.
The encrypted email provider has endured a number of serious attacks over the years, and Yen said the company has to "face off against cyber attacks on a daily basis. Over the course of this summer, no fewer than five separate groups have been conducting attacks against ProtonMail."