Spiderman pleads guilty to hacking 900,000 broadband routers last year

Spiderman has pleaded guilty to a hack which took 900,000 broadband routers offline last year.

Just to clarify, we’re not talking about Marvel’s iconic web-slinging hero, but rather a hacker authorities referred to as ‘Spiderman’ when he was picked up back in February.

The 29-year old man was arrested by British police at Luton airport on behalf of Germany’s Federal Criminal Police Office who alleged he was responsible for hacking the broadband routers and offering to sell access to a botnet to carry out DDoS attacks to online criminals.

Spiderman was one pseudonym used by the hacker along with the fictional character’s real name, Peter Parker (keep that to yourselves.) The names were used when registering domains used for the hacker’s command & control servers.

The hack is said to have cost Deutsche Telekom over two million euros

German telecoms giant Deutsche Telekom and its customers were the main victims of the hack, despite the hacker not intending to knock them offline. Spiderman intended to quietly add the routers to a botnet to avoid unwanted attention but the flaw he used ended up taking approximately 900,000 broadband routers offline.

Deutsche Telekom’s routers manufactured by Zyxel and Speedport were exploited by a custom-made variant of the now-infamous Mirai malware which took advantage of a vulnerability in the TR-069 and TR-064 protocols used by ISPs to remotely manage hundreds of thousands of internet devices.

The hack is said to have cost Deutsche Telekom over two million euros and caused isolated speculation it was politically-motivated by Russian hackers. Deutsche Telekom CEO, Timotheus Höttges, called for a "NATO for the Internet" and said the attack could’ve had worse consequences.

According to local reports, the man has pleaded guilty in a German court handling the proceedings. He said he took on the commission for a fee of $10,000 (£7,700) from a Liberian telecommunications company because he wanted to marry his fiancee and needed money for a “good start into married life”. The company wanted access to a botnet and did not ask for the routers to be taken offline.

Spiderman is yet to be sentenced but according to a court spokesperson, he could face between six months and ten years imprisonment.

28/07 Update: The regional court in Cologne handed the man a suspended sentence of a year and eight months for attempted commercial computer sabotage. Prosecutors had asked for two years.

What are your thoughts on the proceedings? Let us know in the comments.

Related Stories

Leave a comment


This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.