British “Spiderman” sentenced in massive German router attack
A 29-year-old British hacker-for-hire was convicted by a German court on Friday after he confessed to unleashing a cyber attack that knocked out the internet for around 1 million Deutsche Telekom customers.
The regional court in Cologne handed the man, named only as Daniel K., a suspended sentence of a year and eight months for attempted commercial computer sabotage. The maximum sentence was up to 10 years, and prosecutors had asked for two years.
The convicted hacker, who used the online alias “Spiderman”, among other names, also faces criminal charges in Britain, where authorities have requested his extradition.
Last November, the man used a variant of the malicious Mirai botnet code to attack internet routers and turn them into remotely controlled “bots” for mounting large-scale attacks that disrupted websites and computer systems, police have said.
The botnet, once launched, spread out of control around the world, knocking out internet router equipment at up to a dozen telecom operators around the world, with Germany’s Deutsche Telekom far and away the hardest hit.
British police arrested Daniel K. in February at Luton airport, north of London, on a request from Germany’s Federal Criminal Police Office (BKA) to charge him with selling his botnet to online criminals. He was sent to Germany for trial.
Deutsche Telekom, Germany’s largest telecom company, had said the attack caused internet outages for as many as 900,000 of its customers, or about 4.5 percent of its 20 million fixed-line customers, but that it was thwarted before it could spread.
Still, the attacks knocked out internet service for affected customers for several hours and in some cases several days.
The malicious code exploited unprotected ports which allow network technicians to fix customers’ routers from afar, but which can also expose the equipment to outside attack. Both the attack and the rapid recovery from it exploited this feature.
One out of every two companies in Germany has been the victim of cyber attacks over the last two years, according to a study by the country’s digital trade group Bitkom published this month.