Deutsche Telecom affected by Mirai worm botnets

Nearly one million Deutsche Telekom customers in Germany were forced offline by a mass Internet outage caused by hackers attempting to hijack home web routers as part of a wider attack.

Deutsche Telekom have confirmed that 900,000 users suffered Internet outages and experts have warned that similar attacks could take place anywhere that hackers find vulnerabilities in smart devices.

The German Office for Information Security (BSI) have also said that the attack targeted the German government’s network, but had been rebuffed by the defensive measures in place.

News agencies have also reported a disruption of services in the UK as roughly 100,000 Post Office broadband customers were also taken offline in the same hack.

The attack is one of a number that have involved the  Mirai worm, a malicious software designed to turn network devices into remotely controlled ‘bots’ that can be used to mount large-scale distributed-denial-of-service (DDoS) attacks.

In this case, the activity targeted unsecured transmission control protocol (TCP) ports on routers and caused the routers to download and execute a binary file. This caused the routers to search for and infect other devices with unsecured TGP ports.

This kind of attack sets a dangerous precedent for future attacks as the Mirai worm turns vulnerable devices all over the world into botnets that can be used to target systems with DDoS attacks.

One of the most prominent attacks yet using the Mirai worm saw 620 gigabits of traffic per second directed at cybersecurity journalist Brian Krebs’ blog, using hacked IoT devices.

In a comment for WIRED, Martin Mckeay, a senior advocate at Akamai, the company that protects Krebs’ site from cyber attacks commented: “We looked at the traffic coming in from the attacking systems, and they weren’t just from one region of the world or from a small subset of networks – they were everywhere”.

After the attacks on Krebs’ website, Mirai was also used to attack the internet services company Dyn, which caused mass outages on Twitter, Spotify and Paypal and was used again to attack Liberia’s internet infrastrucutre, reportedly knocking large parts of the country offline.