Spiderman pleads guilty to hacking 900,000 broadband routers last year
Spiderman has pleaded guilty to a hack which took 900,000 broadband routers offline last year.
Just to clarify, we’re not talking about Marvel’s iconic web-slinging hero, but rather a hacker authorities referred to as ‘Spiderman’ when he was picked up back in February.
The 29-year-old man was arrested by British police at Luton airport on behalf of Germany’s Federal Criminal Police Office, which alleged he was responsible for hacking the broadband routers and for offering online criminals access to a botnet for carrying out DDoS attacks.
Spiderman was one pseudonym used by the hacker along with the fictional character’s real name, Peter Parker (keep that to yourselves.) The names were used when registering domains used for the hacker’s command & control servers.
German telecoms giant Deutsche Telekom and its customers were the main victims of the hack, despite the hacker not intending to knock them offline. Spiderman intended to quietly add the routers to a botnet to avoid unwanted attention but the flaw he used ended up taking approximately 900,000 broadband routers offline.
Deutsche Telekom’s routers manufactured by Zyxel and Speedport were exploited by a custom-made variant of the now-infamous Mirai malware which took advantage of a vulnerability in the TR-069 and TR-064 protocols used by ISPs to remotely manage hundreds of thousands of internet devices.
The hack is said to have cost Deutsche Telekom over two million euros and prompted isolated speculation that it was a politically motivated attack by Russian hackers. Deutsche Telekom CEO, Timotheus Höttges, called for a "NATO for the Internet" and said the attack could’ve had worse consequences.
According to local reports, the man has pleaded guilty in a German court handling the proceedings. He said he took on the commission for a fee of $10,000 (£7,700) from a Liberian telecommunications company because he wanted to marry his fiancee and needed money for a “good start into married life”. The company wanted access to a botnet and did not ask for the routers to be taken offline.
Spiderman is yet to be sentenced but, according to a court spokesperson, he could face between six months and ten years’ imprisonment.
28/07 Update: The regional court in Cologne handed the man a suspended sentence of a year and eight months for attempted commercial computer sabotage. Prosecutors had asked for two years.