* Deutsche Telekom says routers made by Arcadyan affected
* 900,000 of 20 mln Telekom fixed network customers hit
* Attack attempted to enlist routers in botnet - report
By Eric Auchard
FRANKFURT, Nov 29 An attempt to hijack consumer
router devices for a wider internet attack caused network
outages that hit hundreds of thousands of Deutsche Telekom
customers in Germany, a company executive said.
Deutsche Telekom said as many as 900,000 users, or about 4.5
percent of its 20 million fixed-line customers, suffered
internet outages starting on Sunday and continuing into Monday,
when the number began to decline sharply.
The outages appeared to be tied to a botched attempt to
commandeer customers' routers to disrupt internet traffic,
according to Deutsche Telekom's head of IT security and the
German Office for Information Security (BSI).
The BSI said the attack had also targeted the German
government's network but had failed because defensive measures
had proved effective.
"The BSI considers this outage to be part of a worldwide
attack on selected remote management interfaces of DSL routers,"
the government agency said on its website, adding that it was
working with Deutsche Telekom to analyse the incident.
Thomas Tschersich, head of Deutsche Telekom's IT security,
told Berlin newspaper Der Tagesspiegel: "In the framework of the
attack, it was attempted to turn the routers into a part of a
botnet," referring to the network devices customers use to
connect to the internet for phone, data and TV services.
The attack involved Mirai, malicious software designed to
turn network devices into remotely controlled "bots" that can be
used to mount large-scale network attacks. Last month, hackers
used it to unleash an attack using common devices like webcams
and digital recorders to cut access to some of the world's best
Telekom resells routers from more than a dozen mostly Asian
suppliers under the brand Speedport. It offered firmware updates
on Monday to three models, all of which are made by Taiwan's
The German network operator will be reviewing its
cooperation with Arcadyan following the outage, Tschersich told
Arcadyan did not reply to an emailed request for comment.
Telekom said it did not yet know who was behind the attack.
It is checking routers not affected by the outage to see whether
they may have been infected by malware, it added.
The network monitoring site Allestoerungen.de
(Breakdown) reported tens of thousands of complaints across
Germany ranging from Berlin, Hamburg and Duesseldorf in the
north to Frankfurt, Stuttgart and Munich in the south.
The site showed outages began to surge at 1400 GMT on Sunday
and peaked around 1600 GMT, then picked up again on Monday.
Telekom said on Monday its security measures appeared to be
taking effect and the number of customers affected had declined
to around 400,000 by 1200 GMT on Monday.
German security officials said the outages looked like the
work of hackers, several government sources told Reuters.
(Additional reporting by Harro Ten Wolde, Ilona Wissenbach and
Peter Maushagen in Frankfurt and Andreas Rinke and Sabine
Siebold in Berlin; Editing by Keith Weir and Mark Potter)