FRANKFURT (Reuters) – A cyber attack that infected nearly 1 million routers used to access Deutsche Telekom internet service was part of a campaign targeting web-connected devices around the globe, the German government and security researchers said on Tuesday.
The revelation from the German Office for Information Security, or BSI, stoked fears of an increase in cyber attacks that disrupt internet service by exploiting common vulnerabilities in widely used routers, webcams, digital video recorders and other web-connected devices.
Security researchers said the infections spread to countries including Brazil, Britain and Ireland using a technique similar to one that stopped millions of people in the United States and Europe from reaching websites including PayPal, Twitter and Spotify on Oct. 21.
“It was a global attack against all kinds of devices,” said Dirk Backofen, a senior Deutsche Telekom security executive.
The BSI said that German government networks were also targeted in Sunday’s attack on Deutsche Telekom customers, though authorities said they succeeded in keeping systems online.
Deutsche Telekom, Germany’s largest telecom company, said internet outages hit as many as 900,000 of its users, or about 4.5 percent of its fixed-line customers.
Deutsche Telekom and the German government did not identify other victims, though cyber security firm Rapid7 said it observed the attackers trying to infect routers across the globe.
Irish telecom operator Eir and Vodafone in Britain use routers that were vulnerable to same kind of attack, said Rapid7 security research manager Tod Beardsley.
Flashpoint, a second US cyber security research firm, said it routers were infected in Brazil, Britain and Germany.
Eir said in a statement it was aware of potential vulnerabilities in broadband modems from Taiwan’s ZyXel Communications Corp used by about 30% of Eir customers.
“We have deployed of a number of solutions both at the device and network level which will remove this risk,” Eir said. It reported the incident to Irish regulators.
Vodafone declined to comment on whether it customers had been infected, but said it was aware of a vulnerability in routers that enables attackers to mount denial-of-service attacks.
The Brazilian National Computer Emergency Response Team told Reuters it was analysing the impact of the attack on Brazil, but declined to say how many computers had been infected.
Mirai targets Arcadyan routers
The attacks were launched with software known as Mirai that seeks out vulnerable connected devices, then turns them into remotely controlled “bots” for mounting large-scale attacks that disrupt access to websites and computer systems.
Deutsche Telekom executives apologised for the outages, saying the company had provided details about the attack to other network operators and security agencies.
Security experts said the problem affected Deutsche Telekom customers using three types of routers manufactured by Taiwan’s Arcadyan Technology, which created a software patch that was pushed out to users on Monday.
Arcadyan did not reply to Reuters’ requests for comment.
Security experts said attributing blame for the attacks may prove impossible because the Mirai software had been released on the internet. It is relatively easy to use, which means hackers with relatively few technical skills could be to blame for follow-on attacks, they said.
(By Eric Auchard; Additional reporting by Jim Finkle in Boston, Harro Ten Wolde, Ilona Wissenbach and Peter Maushagen in Frankfurt and Caroline Copley, Andreas Rinke and Sabine Siebold in Berlin; Editing Mark Potter, Ruth Pitchford and Lisa Shumaker)