It seems that Spiderman is in a spot of trouble, tangled in a web of his own making.
Back in November 2016, over 900,000 Deutsche Telekom broadband customers found themselves unable to access the internet, after their routers were hijacked by a malicious hacker attempting to recruit routers into a destructive botnet.
Vulnerable Zyxel and Speedport routers were attacked through a custom-made version of the infamous Mirai malware, exploiting a vulnerability in the TR-069 and TR-064 protocols used by ISPs to remotely manage hundreds of thousands of internet devices.
In this particular case, the vulnerable routers were tricked by a hacker named “BestBuy” into downloading and executing malicious code, with the intention of crashing or exploiting them. Compromised routers could then be commanded to change their DNS settings, steal Wi-Fi credentials, or bombard websites with unwanted traffic.
The scale of the attack understandably made headline news in Germany, where authorities described the attack as a threat to the company’s national communication infrastructure.
As we reported in February, British police arrested a 29-year old man at Luton airport on behalf of Germany’s Federal Criminal Police Office (BKA), who alleged the man had offered to sell access to the botnet to online criminals.
Now, as local media reports, the same man has pleaded guilty in a German court to the attack, which is said to have cost Deutsche Telekom more than two million euros.
Although the German authorities have not released the name of the 29-year-old man, they have referred to him as “Spiderman” – one of the names (“Peter Parker” was another) used by the hacker when registering domains used by his command & control servers.
Spiderman told the German court that he had not intended to prevent the targeted routers to crash, but instead had wanted to silently recruit them into a botnet capable of launching massive denial-of-service attacks against websites and other online services.
According to reports, Spiderman launched similar attacks against the broadband routers belonging to customers of other ISPs – including Ireland’s biggest telcoms provider, Eir – although he does not appear to have been charged in connection with these offences.
Earlier this month, celebrated security blogger Brian Krebs presented his findings suggesting that “BestBuy”‘s true identity was 29-year-old Brit named Daniel Kaye.
Like the BKA, Krebs appears to have been lead to their suspect because “BestBuy” left a trail of clues across the internet.
If you’re a fan of Marvel superhero Spider-Man, you’ll be all too familiar that the spandex-wearing web flinger is all too keen on reminding us that “with great power comes great responsibility.”
Many may have the power to exploit internet routers, or determined how to reuse someone else’s research to do the same, and some may even be tempted to do so for financial gain. But the irresponsible use of that power will most likely cast a painful shadow over this man’s life, and cause heartache for his family and loved ones.
written by Graham Cluley, ESET We Live Security