DT answers 13 questions on its recent security breach
Via Deutsche Telekom Media Center
Nov 29, 2016
11-28-2016
Some of our customers experienced restrictions of the fixed-line network, and not all customers are connected again yet. Here you can find an overview of the most relevant questions.
1. Was the Deutsche Telekom network hacked?
No, the attack targeted routers of Deutsche Telekom customers and, according to the German Federal Office for Information Security, was part of a global attack on so-called remote maintenance interfaces.
2. What was the aim of the attack?
It was an attempt to infect these routers with malware and to turn them into parts of a so-called botnet - this failed. The attack was not successful.
3. What impact did the attack have on customers?
There was no impact for the vast majority of them, around 96 percent. The impact varied for around four percent, in other words, around 900,000 customers. Some experienced restricted service, others were unable to use our services at all. At present, not all customers are back online.
4. How long will it take before all customers are disruption-free again?
We made the first software updates available yesterday and installed them on the affected routers. New updates will follow today, and more are in progress. However, the procedure is time-consuming. It will take a few more days before the final router is updated.
5. What measures has Deutsche Telekom taken?
Firstly, we have applied filter measures in the network to prevent the remote maintenance interface from being accessed by the attackers in order to exclude a new infection of devices. In parallel, experts from the router manufacturers have begun developing software updates, and their installation on the affected routers began yesterday afternoon. We could already see signs of a clear stabilization during the course of yesterday morning, so our measures have taken effect. We also had to check whether or not all router types that were not affected were perhaps infected with malware. The fact that they were working was no proof of being free of malware.
6. Could the attack have been prevented?
Based on current information, no. But the detailed analysis is still ongoing. The attack was part of a worldwide offensive, which is what the Federal Office for Information Security has confirmed.
7. Has Deutsche Telekom made savings at the cost of security?
No, on the contrary: We invest billions in our network and in its security. We operate a cyber-defense center and have a separate Board department responsible for the protection of our data. When purchasing routers we work closely with our suppliers in order to meet our high security and quality standards. The case shows us, however, that there is no such thing as 100 percent security.
8. The same repeated requests to take the routers offline came across as helpless, to put it mildly …
Nevertheless, it's the most effective way for a lay person to have improved software installed. For those who would rather install the software themselves, the software can be downloaded from www.telekom.de/stoerung.
9. Isn't the migration to IP the wrong route to take?
No, the attack targeted routers, not the network. Lines both in the traditional and the IP-based network were affected.
10. Is anything already known about the possible culprits?
No.
11. Were sets of customer data stolen?
Based on what we currently know, this is not the case.
12. Are other types of Speedports affected by this attack?
In the interests of our customers we will check all Speedport models and provide appropriate firmware updates. These are already available for Speedport W921V (incl. fiber) and Speedport W723V Type B; we can provide them today for Speedport W504V Type A and Speedport Entry I. We will provide our customers with firmware updates for other models as soon as possible.
13. Isn't it high time to put an end to router coercion?
There is no router coercion at Deutsche Telekom.