Attack Crashes Deutsche Telekom Internet Routers
November 29 2016 - 5:10PM
Dow Jones News
An attack hit nearly one million home internet routers of
Deutsche Telekom AG customers, knocking them offline, the latest in
a string of similar events that have revealed vulnerabilities in
home devices connected to the internet.
Deutsche Telekom, which has 20 million fixed line customers,
said the attack started Sunday and attempted to infect the routers
with malicious software. In about 5% of the routers, the company
said, the virus caused the devices to malfunction, interrupting
internet service.
Most of the affected routers were back online as of Tuesday
evening, Deutsche Telekom spokesman Stephan Broszio said. The
company instructed customers to reboot the machines to download a
software patch. It hasn't yet found the culprit.
The malware used in the attack was a variant of the Mirai code
that has been used in other attacks, according to the SANS
Institute, a cybersecurity research group.
Security experts say the Mirai software has infected millions of
network routers, digital video recorders and other connected
devices around the world in recent months. The code works by
exploiting factory-default passwords that most device owners never
change. The software then uses its control of the gadgets to flood
other websites with junk traffic, a tactic known as a distributed
denial of service attack.
Most device owners never know their machines were enlisted in
massive "bot" networks to launch online attacks. That suggests the
disruption at Deutsche Telekom came from an infection campaign gone
awry.
"The bot code apparently either triggered a malfunction, or it
overloaded the Deutsche Telekom routers, causing them to lock up,"
said Johannes Ullrich, dean of research at the SANS Institute.
"This wasn't the intention of the bot code, but an error in the way
the bot was coded."
Network engineers who study Mirai have warned that attacks on
high-profile websites are likely to continue since the code was
released to the public earlier this year. That launched a feeding
frenzy among hackers and less-skilled videogamers known to target
high profile websites for fun or profit.
Dale Drew, chief security officer at network operator Level 3
Communications Inc., said the attack appeared to come from a novel
Mirai strain designed to add new classes of devices into its
network.
Flashpoint, another security research firm, estimated as many as
five million devices spread across Brazil, Germany and the U.K.,
among other countries, carried the same weakness that disrupted
Deutsche Telekom's routers.
Flashpoint research director Allison Nixon said the perpetrators
assembling the new networks showed some skill. "Just the sheer
amount of infrastructure that's involved is much more than we'd
expect from a hobbyist," she said.
Write to Drew FitzGerald at andrew.fitzgerald@wsj.com
(END) Dow Jones Newswires
November 29, 2016 16:55 ET (21:55 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.
Level 3 Communications, Inc. (delisted) (NYSE:LVLT)
Historical Stock Chart
From Mar 2024 to Apr 2024
Level 3 Communications, Inc. (delisted) (NYSE:LVLT)
Historical Stock Chart
From Apr 2023 to Apr 2024