Deutsche Telekom routers hit by cyber attack

Ethernet plug with fiber optic wire

Hundreds of thousands of Deutsche Telekom customers were affected by what was said to be a failed hacking attempt on consumer router devices, Reuters reported.

Deutsche Telekom confirmed that around 900,000 customers had their broadband disconnected following the attempted hack of its hardware. This was around 4.5% of its customer base.

Customers experienced disruptions to broadband connections, including mobile line, TV or internet services.

The problems started on Sunday at 14:00 GMT and continued until Monday. Network monitoring website allestoerungen.de reported tens of thousands of complaints in different parts of Germany.

Deutsche Telekom head of IT Security, Thomas Tschersich told German newspaper Der Tagesspiegel that the issues experienced seemed to be connected to an attempt to make a number of customers' routers part of the Mirai botnet.

He said: "In the framework of the attack, it was attempted to turn the routers into a part of a botnet. While this was unsuccessful, the routers crashed in the attempt to take over."

Mirai is malware that attempts to turn network devices into remotely controlled bots. These bots can ultimately be used for large-scale DDoS attacks.

Jerry Goodman, vice president of the government systems division at communications company ViaSat, said: "This hack only further emphasises the weaknesses that exist in our increasingly connected world. In this case, consumers have been cut off from their internet, phone and TV, but it could've been worse."

Goodman added: "For instance, dedicated attackers could cut off not only residential internet, but traffic and train signals, or water and energy supplies. A sobering thought."

Telekom offered firmware patches for some of its routers on Monday, particularly two models produced by Arcadyan Technology.

Government sources told Reuters that German Security officials said the problem appeared to have been caused by hackers.

To customers experiencing problems, Deutsche Telekom suggest to unplug their router, wait 30 seconds and restart it. If the issue persists, it advised to disconnect the router from the network entirely.

Goodman said: "To protect against these attacks, organisations must assume that every single part of their network infrastructure is a potential vulnerability, and mitigate against this. For instance, by teaching both workers and customers best security practices; by monitoring systems to detect unusual behaviour and having their systems react before damage can be done; by controlling the access any one user or device has to critical systems; and by adding multiple layers of encryption, so that potential damage can be minimised."