back to article Deutsche Telekom hack suspect arrested at London airport

UK police have arrested a suspect in connection with an attack that infected nearly 1 million Deutsche Telekom routers last November. The as-yet-unnamed 29-year-old British suspect was arrested at a London airport by officers from the UK's National Crime Agency (NCA) on Wednesday, Reuters reports. The attack on Germany's …

  1. Christian Berger

    It's like rattling on a door to break in...

    ... and have the whole house collapse.

    Of course nobody blames Deutsche Telekom for having their TR-069 open to all the world instead of limiting it to the IP-range of their ACS servers.

    1. Anonymous Coward
      Anonymous Coward

      Re: It's like rattling on a door to break in...

      Of course nobody blames Deutsche Telekom for having their TR-069 open to all the world instead of limiting it to the IP-range of their ACS servers.

      If you find a weakness, you inform the owner or operator. If you use it to cause harm, you are committing a criminal act. If you're smart enough to find such a weakness, it can be safely assumed that you also know right from wrong so if the evidence is solid I have zero problems with people like being locked up.

      1. creepy gecko

        Re: It's like rattling on a door to break in...

        IIRC wasn't this the same attack that affected Talk Talk & KCOM routers?

        (Allegedly, he quickly adds).

      2. The_Idiot

        Re: It's like rattling on a door to break in...

        @Anonymous Coward

        My reading of Mr (my assumption) Berger's original post does not reveal, to my limited wit, any view that the perpetrator, if the suspect did indeed perpetrate the penetration, should not suffer consequences.

        What I did read was a prediction/ opinion that the company penetrated will suffer _non_ consequences (legally or financially at least) for not bolting the stable door properly in the first place.

        While no infrastructure or application can ever be declared 'impenetrable', bean counters and people who's bonuses depend on short term cost cuts and shorter term apparent profits will never decide to spend money on stable door bolts until and unless there is a penalty (and a painful one) for not doing so.

        At least, that's my view. Of course, I'm an Idiot... (blush).

        1. Commswonk

          Re: It's like rattling on a door to break in...

          While no infrastructure or application can ever be declared 'impenetrable', bean counters and people who's bonuses depend on short term cost cuts and shorter term apparent profits will never decide to spend money on stable door bolts until and unless there is a penalty (and a painful one) for not doing so.

          You have highlighted a genuine problem. How long should elapse between market release and hack before any decision is made about the security of a device? At one end of the scale anything that gets hacked within a day or two of going into service clearly has inadequate security. If, however, the product survives (say) three years before succumbing to an attack would you come to the same conclusion? If you would, at what point would you come to a different conclusion? As you yourself said "no infrastructure or application can ever be declared 'impenetrable" so how long between release and hack can be described as "adequate" or better?

          I'm all for punishment of the C Suite for a multitude of reasons but there has to be a degree of fairness to it, even if only a teensy weensy little bit.

          1. sanmigueelbeer
            Happy

            Re: It's like rattling on a door to break in...

            How long should elapse between market release and hack before any decision is made about the security of a device?

            Industry standard is 6 months.

            If the manufacturer doesn't make any responses, then you can either publish the exploit/vulnerability (minus the codes or procedures) or "take it to the next level".

  2. Destroy All Monsters Silver badge
    Paris Hilton

    So, not Putin?

    If this goes on, he will have to sell his hollowed-out, democracy-destroying volcano inhabited by leather-clad goons and slavic ballbuster dames who are also good in bed.

    What a loss in standing.

  3. Stuart 18

    LONDON !!?? airport

    --Other Sources-- have specified Luton airport. Luton airport is NOT:-) a London airport unless you're a Luton Airport marketing drone.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like