The National Crime Agency (NCA), the British equivalent of the FBI, has reportedly arrested a suspect with links to last year's massive attack on Deutsche Telekom which hit as many as 900,000 home routers, German police revealed on Thursday (23 February).
The NCA picked up a 29-year-old British suspect at Luton airport in London on Wednesday (22 February). An NCA spokesperson told IBTimes UK: "I can confirm the NCA arrested a man yesterday morning under an EAW [European Arrest Warrant] on behalf of the German police.
It was in connection with a cyber attack on Deutsche Telecom in November 2016."
Thomas Kremer, board member for Data Privacy, Legal Affairs and Compliance at Deutsche Telekom told IBTimes UK: "We very much welcome the success of this international manhunt and have supported the law enforcement authorities.
"We are also looking into taking civil legal action against the alleged perpetrator. This case shows that the law can also be enforced in cyberspace. The arrest has been a major success against international cybercrime, which is increasingly making use of so-called botnets for large-scale attacks."
Daniel Vollmert, Cologne's public prosecutor, said that police are planning to extradite the man to Germany to face a charge of attempted computer sabotage, which could result in up to 10 years in prison if convicted. "He is accused of being the mastermind behind the attack," the prosecutor said.
Last November, hundreds of thousands of Deutsche Telekom customers in Germany were left with no internet after the telecommunications provider suffered a suspected cyberattack. At the time, the firm said roughly 900,000 of its 20 million fixed-line customers were facing issues.
Connectivity problems started on 27 November (Sunday) after users across the country started to contract the company to complain their phone and internet services were offline. Later, Deutsche Telekom confirmed via press statements that only "specific routers" were impacted.
"Some customers are experiencing temporary problems or very marked fluctuations in quality, but there are also customers for whom the service is not working at all," the firm said in a statement published on the homepage of its website last year.
"We cannot exclude the possibility that the routers have been targeted by external parties with the result that they can no longer register on the network."
Roughly 24 hours later, Deutsche Telekom said its efforts to fix the problems had made progress, explaining that by midday on 28 November there was a "clear improvement in the current situation." A spokesperson said the number of customers impacted had declined to about 400,000.
German investigators now believe the suspect was planning to use the hijacked home routers to construct a 'botnet', which is a series of infected devices that can be used to launch distributed denial of service (DDoS) cyberattacks.