A WHOLE LOT OF GERMAN INTERNET USERS have were forced to watch German television after a botnet was turned on service provider Deutsche Telekom and knocked over 900,000 routers.
The attack started on Sunday, typically a day when Germans celebrate Sunday, and rolled into a Monday, which is a weekly tradition for Germans. Needless to say, the large-scale attack on consumer routers meant that a large amount of the internet was downed.
Deutsche Telekom has admitted to problems in a statement on its website, this is refreshing stuff.
"According to our knowledge, an attack on maintenance interfaces is currently taking place worldwide. This was also confirmed by the Federal Office for Information Security. Following the latest findings, routers of Deutsche Telekom customers were affected by an attack from outside. Our network was not affected at any time," said the firm.
"The attack attempted to infect routers with a malware but failed which caused crashes or restrictions for four to five percent of all routers. This led to a restricted use of Deutsche Telekom services for affected customers. We implemented a series of filter measures to our network."
Affected punters, who are expected to somehow read this online information, are advised to go for the full unplug, plug back in again and reboot.
"After the reboot, the router should function normally," says DT. "The routers are back to their original state after the reboot, meaning there was no permanent infection with malware."
This is the second time in a year that the German film has seen its users fall into darkness, and security companies have been quick to lay into it.
"Most people don't know that all broadband service providers have ensured they have backdoors into ‘their' customer-edge devices; which can be cable modems, DSL modems, routers, etc. The reason for this is simple. It ensures people don't get services for free, while at the same time allowing the provider access into the remote devices for troubleshooting, updating, billing, etc," said Stephen Gates, chief research intelligence analyst at NSFOCUS.
"This helps reduce truck rolls and the associated costs. In this case, it appears that hackers have figured out a way to capitalise on the backdoor, and cause a noteworthy denial of service outage."
Elsewhere it is consumers that get the criticism because they haven't had the bloody sense to change default passwords.
"Whether this attack could have been prevented depends on what type of vulnerability was used to infect the routers. For example, Mirai botnet code wasn't too serious: the malware was looking for gadgets with well-known default passwords. If people had just changed these default passwords, their routers wouldn't have been infected.," added Alex Mathews, EMEA technical manager at Positive Technologies.
"On the other hand, the malware authors can use more serious, unknown vulnerability in routers' firmware or in communication protocols. In this case, users hardly can do anything to protect themselves. Only serious security tests can detect such vulnerability. It should be done by service providers and by routers' manufacturers... but unfortunately, they don't do enough safety testing." µ
A surprisingly busy week in a quiet month
Measures just 15.75mm at its thickest point
Firm expects GPU sales to start drying up