By Eric Auchard
FRANKFURT (Reuters) – An attempt to hijack consumer router devices for a wider internet attack caused network outages that hit hundreds of thousands of Deutsche Telekom customers in Germany, a company executive said.
Deutsche Telekom said as many as 900,000 users, or about 4.5 percent of its 20 million fixed-line customers, suffered internet outages starting on Sunday and continuing into Monday, when the number began to decline sharply.
The outages appeared to be tied to a botched attempt to commandeer customers’ routers to disrupt internet traffic, according to Deutsche Telekom’s head of IT security and the German Office for Information Security (BSI).
The BSI said the attack had also targeted the German government’s network but had failed because defensive measures had proved effective.
“The BSI considers this outage to be part of a worldwide attack on selected remote management interfaces of DSL routers,” the government agency said on its website, adding that it was working with Deutsche Telekom to analyze the incident.
Thomas Tschersich, head of Deutsche Telekom’s IT security, told Berlin newspaper Der Tagesspiegel: “In the framework of the attack, it was attempted to turn the routers into a part of a botnet,” referring to the network devices customers use to connect to the internet for phone, data and TV services.
The attack involved Mirai, malicious software designed to turn network devices into remotely controlled “bots” that can be used to mount large-scale network attacks. Last month, hackers used it to unleash an attack using common devices like webcams and digital recorders to cut access to some of the world’s best known websites.
Telekom resells routers from more than a dozen mostly Asian suppliers under the brand Speedport. It offered firmware updates on Monday to three models, all of which are made by Taiwan’s Arcadyan Technology.
The German network operator will be reviewing its cooperation with Arcadyan following the outage, Tschersich told Tagesspiegel.
Arcadyan did not reply to an emailed request for comment.
Telekom said it did not yet know who was behind the attack. It is checking routers not affected by the outage to see whether they may have been infected by malware, it added.
The network monitoring site Allestoerungen.de (Breakdown) reported tens of thousands of complaints across Germany ranging from Berlin, Hamburg and Duesseldorf in the north to Frankfurt, Stuttgart and Munich in the south.
The site showed outages began to surge at 1400 GMT on Sunday and peaked around 1600 GMT, then picked up again on Monday.
Telekom said on Monday its security measures appeared to be taking effect and the number of customers affected had declined to around 400,000 by 1200 GMT on Monday.
German security officials said the outages looked like the work of hackers, several government sources told Reuters.
(Additional reporting by Harro Ten Wolde, Ilona Wissenbach and Peter Maushagen in Frankfurt and Andreas Rinke and Sabine Siebold in Berlin; Editing by Keith Weir and Mark Potter)
Source: SANS ISC SecNewsFeed @ November 29, 2016 at 03:03AM