British man arrested over Mirai-based attack on Deutsche Telekom

Suspect accused of trying to hijack routers to incorporate into a Mirai-style botnet

Police have apprehended a 29-year-old British man in London on suspicion of a Mirai-based attack last year on Deutsche Telekom. That had been followed by a similar attack targeting users' routers distributed by TalkTalk, among others.

The Deutsche Telekom attack had brought internet access grinding to a halt for almost one million German internet users at the end of November last year. Unusually, the affected ISP was very quick to provide an explanation.

"According to our knowledge, an attack on maintenance interfaces is currently taking place worldwide. This was also confirmed by the Federal Office for Information Security. Following the latest findings, routers of Deutsche Telekom customers were affected by an attack from outside. Our network was not affected at any time," said the company.

"The attack attempted to infect routers with a malware but failed which caused crashes or restrictions for four to five percent of all routers. This led to a restricted use of Deutsche Telekom services for affected customers. We implemented a series of filter measures to our network."

That enabled the company to restore services.

It was the British Police that picked up the British subject on behalf of police in Germany. Reuters says that the National Crime Agency (NCA) picked him up at a London airport.

In a statement, German police said: "The Briton is accused of attempted computer abuse in a particularly serious case. He is suspected of having carried out an attacking campaign against the Internet, at the end of November 2016, whereby more than 1,000,000 Deutsche Telekom customers could no longer use their Internet connection.

"The consequences were, among other things, breakdowns of Internet and telephone services of the affected connections. The aim of the attack would have been to take over the routers and integrate into a bot network operated by the accused. The bot network is supposed to have offered the accused in the Darknet for consideration for arbitrary attack scenarios, such as so-called DDoS attacks."

Or, to interpret into plain English, the suspect is accused of trying to hijack the affected routers in a bid to add them to a Mirai-style botnet.