In late November of last year, there was a global attack on routers supplied by a variety of telecoms companies, with the aim of creating a botnet from the attacked devices. It is unclear how many of these attacks were successful, but we suspect a high number of unreported cases. It is clear, however, that the attack on Deutsche Telekom was not successful and that its customers' routers were not infected. As a side effect, however, over a million routers suffered temporary failures and could not be restored to seamless operations until a day later.
On February 22, 2017, a 29-year-old British citizen was arrested in London as a suspect . On July 28, 2017, the Cologne Regional Court sentenced the man to one year and eight months of probation.
Deutsche Telekom says of the judgment: "Cyberspace does not exist in a legal vacuum. Cyber attacks have legal consequences, just like all other crimes. The end of the router trial today makes that very clear. What is just as important is that cyber attacks are increasingly a topic for public discussion and that they are recognized as a real threat. This trial played a strong role in this process. We will look into whether we will pursue claims under civil law when we have received the judgment in writing."
Here are the most important facts about the attack and the trial:
- Deutsche Telekom was not the principal target of the global attack. The attack targeted routers around the world.
- The global attack was not successful against Deutsche Telekom routers. Deutsche Telekom's routers were not infected with malware and did not become part of a botnet.
- Around four percent of Deutsche Telekom's customers experienced issues with their routers, because some models were unable to process the huge number of requests they received and crashed as a result.
- The attack targeted a vulnerability that was already known. Deutsche Telekom's routers did not have this vulnerability.
- We assume that several hundred thousand computers around the world were attacked successfully, infected with malware and integrated in a botnet.
- The suspect has testified in court that a company hired him to establish a botnet. According to his information, he was supposed to use this network of remotely controlled devices to launch a DDoS attack against a Liberian company, to scare off its customers.
- Deutsche Telekom welcomes this trial. It shows that cyberspace does not exist in a legal vacuum and that laws can be enforced here as well. Deutsche Telekom provided support to the investigative authorities in apprehending the alleged perpetrator.
