A major OpSec mistake led to the arrest of a hacker who was part of a hacking crew that launched DDoS attacks against ProtonMail, Tutanota, and many other sites through the summer.
The hacker is a 19-year-old teenager named George Duke-Cohan, from Hertfordshire, UK. Duke-Cohan was known online under the nickname of "optcz1," the leader of the Apophis Squad hacking crew.
The UK National Crime Agency announced Duke-Cohan's arrest earlier today, along with the teenager's guilty plea for making bomb threats against 400 schools and a UK-to-US intercontinental flight.
In blog posts published today after the NCA announcement, ProtonMail and infosec journalist Brian Krebs --whose site Apophis Squad members had also hit with DDoS attacks-- confirmed that information they provided to authorities following attacks on their sites led to Duke-Cohan's arrest.
In particular, ProtonMail says that Duke-Cohan and other Apophis Squad members were ProtonMail users, a valuable piece of information that narrowed down the search for possible suspects.
ProtonMail provided info on Duke-Cohan to UK authorities in early August, but the NCA did not intervene to make an arrest, for valid reasons, according to the secure email provider.
"It, however, also led to a very unfortunate incident involving United Airlines Flight 949," ProtonMail founder Andy Yen said today. "On Aug. 9, Duke-Cohan posed as the father of a distressed airline passenger, claiming that a London to San Francisco flight had been hijacked and that there was a bomb on the plane."
Because the teen continued with his ways, and after more bomb threats were made against UK schools at the start of the new school year, police eventually arrested Duke-Cohan on August 31.
Yen revealed that more charges are pending, possibly related to the DDoS attacks, along with possible extradition to the US.
The ProtonMail founder also said that security researchers who are ProtonMail users lent their help during the investigation. That investigation also uncovered that the Apophis Squad DDoS-for-hire portal had been breached and was exposing user data online, information that may lead to the arrest of other group members.