* Infections hit some 900,000 of 20 mln Telekom customers
* German government says its networks also targeted
* Routers in Brazil, Ireland, UK also infected, experts say
(Adds comment from Brazilian National Computer Emergency
By Eric Auchard
FRANKFURT, Nov 29 A cyber attack that infected
nearly 1 million routers used to access Deutsche Telekom
internet service was part of a campaign targeting
web-connected devices around the globe, the German government
and security researchers said on Tuesday.
The revelation from the German Office for Information
Security, or BSI, stoked fears of an increase in cyber attacks
that disrupt internet service by exploiting common
vulnerabilities in widely used routers, webcams, digital video
recorders and other web-connected devices.
Security researchers said the infections spread to countries
including Brazil, Britain and Ireland using a technique similar
to one that stopped millions of people in the United States and
Europe from reaching websites including PayPal Holdings Inc
, Twitter Inc and Spotify on Oct. 21.
"It was a global attack against all kinds of devices," said
Dirk Backofen, a senior Deutsche Telekom security executive.
The BSI said that German government networks were also
targeted in Sunday's attack on Deutsche Telekom customers,
though authorities said they succeeded in keeping systems
Deutsche Telekom, Germany's largest telecom company, said
internet outages hit as many as 900,000 of its users, or about
4.5 percent of its fixed-line customers.
Deutsche Telekom and the German government did not identify
other victims, though cyber security firm Rapid7 Inc
said it observed the attackers trying to infect routers across
Irish telecom operator Eir and Vodafone Group Plc in
Britain use routers that were vulnerable to same kind of attack,
said Rapid7 security research manager Tod Beardsley.
Flashpoint, a second U.S. cyber security research firm, said
it routers were infected in Brazil, Britain and Germany.
Eir said in a statement it was aware of potential
vulnerabilities in broadband modems from Taiwan's ZyXel
Communications Corp used by about 30 percent of Eir customers.
"We have deployed of a number of solutions both at the
device and network level which will remove this risk," Eir said.
It reported the incident to Irish regulators.
Vodafone declined to comment on whether it customers had
been infected, but said it was aware of a vulnerability in
routers that enables attackers to mount denial-of-service
The Brazilian National Computer Emergency Response Team told
Reuters it was analysing the impact of the attack on Brazil, but
declined to say how many computers had been infected.
The attacks were launched with software known as Mirai that
seeks out vulnerable connected devices, then turns them into
remotely controlled "bots" for mounting large-scale attacks that
disrupt access to websites and computer systems.
Deutsche Telekom executives apologised for the outages,
saying the company had provided details about the attack to
other network operators and security agencies.
Security experts said the problem affected Deutsche Telekom
customers using three types of routers manufactured by Taiwan's
Arcadyan Technology, which created a software patch
that was pushed out to users on Monday.
Arcadyan did not reply to Reuters' requests for comment.
Security experts said attributing blame for the attacks may
prove impossible because the Mirai software had been released on
the internet. It is relatively easy to use, which means hackers
with relatively few technical skills could be to blame for
follow-on attacks, they said.
(Additional reporting by Jim Finkle in Boston, Harro Ten Wolde,
Ilona Wissenbach and Peter Maushagen in Frankfurt and Caroline
Copley, Andreas Rinke and Sabine Siebold in Berlin; Editing Mark
Potter, Ruth Pitchford and Lisa Shumaker)