ProtonMail hacks its attacker's website, refuses later

Every second day, we hear about some organisation’s website or internal networks getting hacked. The hacker community is developing its arsenal of digital weapons faster than the tech industry developing ways to protect personal data on computers. However, the good guys of the tech world also know a trick or two to get back at their attackers in their own ways, which was recently shown by ProtonMail.

Someone was sending false messages to ProtonMail users reading, “You have an overdue invoice”. The message led users to a phishing website with false ProtonMail login ID window. The company got to know about it and retaliated with a taste of the attacker’s own medicine — they hacked back hacker’s website.

ProtonMail even boasted about the same on Twitter, stating that they too hacked the phishing website and took it down eventually. The post was taken down too later. When Twitter user x0rz took a screenshot of the same and posted it on his account, he was asked by ProtonMail to remove it. Motherboard was even told that the post was promoting something that may not have happened in the first place. "For reasons that you can probably understand, we do not really comment on the record regarding phishing attempts, and we cannot confirm nor deny if anything happened, they added.

ProtonMail may be keeping in mind the ethical practices that an organisation shouldn’t follow, which could be the reason to deny the claim. However, this is one of the ways to discourage hackers gaining control over someone else’s property and cause harm. Hopefully, the ProtonMail attacker got his lesson.

(source)