UK police arrested the alleged mastermind of the MIRAI attack on Deutsche Telekom

The prosecutor’s office in Cologne and the Federal Criminal Police Office have arrested the alleged mastermind of the MIRAI attack on Deutsche Telekom

The agents at the UK National Crime Agency (NCA) have a man that is suspected to be involved with the massive attack on Deutsche Telekom that affected more than 900k routers in November 2016.

The affected routers were used by the Deutsche Telekom customers also for fixed telephony and TV services.

The problems lasted at least two days, the outage began on Sunday, November 27, at around 17:00, local time.

Deutsche Telekom users all over the country were not able to connect online using the users provided by the company. Below a graphic representation of the outage provided by the Allestoerungen.de.

 

The news of the arrest was confirmed by the Germany’s federal criminal police force (BKA).

German police from the city of Cologne identified the suspect and issued the international arrest warrant.

The suspect is a 29-year-old British, the authorities have arrested him at the Luton airport in London on Wednesday. The British police believe the man is the crooks that organized the massive attack.

The German police confirmed that the attack was severe and caused serious problems to German citizens. The attackers aimed to recruit the compromised devices in a botnet that was offered for sale on dark web markets.

“The aim of the attack wave should have been to take over the routers and integrate into a bot network operated by the accused. The bot network is supposed to have offered the accused in the Darknet for consideration for arbitrary attack scenarios, such as so-called DDoS attacks.” reads the statement issued by the BKA.

“From the outset, Deutsche Telekom cooperated with law enforcement agencies,” BKA said. “Technical assistance was also provided by the Federal Office for Information Security (BSI) in the analysis of the malicious software used.”

The prosecutors believe the hacker used a modified version of the dreaded Mirai malware to carry on the attack.

The Mirai malware was first spotted by the researcher MalwareMustDie last summer, a botnet of IoT devices compromised by the malicious code was used to shut down the Dyn DNS service.

The BKA confirmed that the UK authorities would extradite the 29-year-old man to Germany to face charges of computer sabotage, the man could be condemned to up to 10 years in prison.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Deutsche Telekom, Mirai)