
German police announced today that fellow UK police officers have arrested a suspect behind a serious cyber-attack that crippled German ISP Deutsche Telekom at the end of November 2016.

The attack in question, first reported by Bleeping Computer, caused over 900,000 routers of various makes and models to go offline after a mysterious attacker attempted to hijack the devices through a series of vulnerabilities.

Deutsche Telekom experts countered the attack on the same day by releasing a firmware update and asking customers to reboot devices so they could receive the new hardened firmware.

Router hijacking attacks happened in the UK as well

The attacks were later linked to a cybercrime group operating a botnet powered by the Mirai malware, known as Botnet #14.

Days later, the same criminal group attempted a similar feat in the UK, where they tried to hijack over 100,000 routers belonging to several ISPs, before having their plans foiled again.

Both incidents caught the eye of law enforcement agencies, who started an official investigation, mainly because Botnet #14 was at the heart of several high-profile DDoS attacks before its authors tried to hijack routers in both countries.

Main suspect arrested at London airport

According to a statement obtained by Bleeping Computer from Bundeskriminalamt (the German Federal Criminal Police Office), officers from the UK's National Crime Agency (NCA) arrested a 29-year-old suspect at a London airport yesterday.

German police from the city of Cologne appear to be the ones who identified the suspect and issued the international arrest warrant.

German authorities are now in the process of requesting the unnamed suspect's extradition, so he can stand trial in Germany.

According to Bundeskriminalamt, Europol, Eurojust, UK's NCA and Cyprus police participated in the investigation.

Hacker faces up to 10 years in prison

Based on current charges and German law, if convicted, the suspect faces between 6 months and 10 years in prison. There are no official charges accusing the suspect of orchestrating the attacks on UK ISPs.

Back in November, a hacker by the name of Bestbuy (also known as Popopret), who was advertising a Mirai botnet-for-hire via XMPP spam messages, claimed responsibility for the attempts to hijack routers in Germany and the UK. Efforts to contact the hacker via usual communications channels were unsuccessful before this article's publication.

The Bundeskriminalamt statement obtained by Bleeping Computer is available below (in German only).
