A 29-year-old British man has confessed to a German court that he was behind a Mirai-based attack on Deutsche Telekom routers which ended up taking nearly one million customers offline last year.
The man, described in local media reports as “Daniel K”, claims to have been told by then-employer a Liberian telecommunications company to build a botnet to knock out a competitor.
He apparently agreed to the $10,000 commission as he was planning to marry his fiancée and wanted “a good start in married life”.
However, despite working as an IT technician at the firm, the Israeli born Brit, living until recently in Cyprus, had no specialist tech training and didn’t plan on the attack effectively sending the routers offline, according to the Guardian.
“The malware was badly programmed, it didn’t function properly and didn’t do what it was meant to do,” A Deutsche Telekom spokesperson said at the time. “Otherwise the consequences of the attack would have been a lot worse.”
The Mirai attack came amid a flurry of similar incidents, which knocked routers offline for over 100,000 Post Office and TalkTalk broadband customers in the UK.
Most famously, an earlier blitz took out DNS provider Dyn, and in so doing led to outages at internet giants including Spotify, Reddit and Twitter.
The malware, which was effectively open sourced after its source code was made public last year, was also used in a huge DDoS attack against Krebs on Security and – more curiously – an attack which knocked most of Liberia’s internet offline.
Mirai works by scanning the web for IoT devices like routers which are only protected by factory default or hard-coded credentials, with the aim of recruiting them into a botnet which can be directed to launch DDoS attacks.
A second witness is set to appear in court on Friday, after which a verdict could be swiftly forthcoming. "Daniel K" apparently faces up to 10 years in prison.