British police arrest suspect in last November's me-too Mirai botnet floods

Originally published at:

Just a propos: I wonder what Brexit will do to EU-wide law enforcement.

1 Like

A quick Google Translate of the press release…it feels like page 1 was cut off.

23.02.2017 The prosecutor’s office in Cologne and the Federal Criminal Police Office
In the noon hours of 22 February 2017, a 29-year-old British national was arrested at a London airport of British National Crime Agency (NCA) forces. The arrest was made on the basis of a European arrest warrant issued by the Central Office and the contact point Cybercrime NRW (ZAC NRW) of the Cologne District Attorney’s Office. The investigation is conducted by the Federal Criminal Police Office (BKA), which has prepared the arrest of the accused in England in close cooperation with the British law enforcement agencies. Officials of the Federal Criminal Police Office are involved in the further investigations on the spot. The British are accused of attempted computer abuse in a particularly serious case. He is suspected of having carried out an attacking campaign against the Internet, at the end of November 2016, whereby more than 1,000,000 Deutsche Telekom customers could no longer use their Internet connection. The consequences were, among other things, breakdowns of Internet and telephone services of the affected connections. The aim of the attack wave should have been to take over the routers and integrate into a bot network operated by the accused. The bot network is to be the accused in Darknet against

Charge for any attack scenarios such as so-called DDoS attacks. A bot network is a multitude of infected and interconnected devices used for large-scale cyber attacks, malware distributions and similar criminal offenses. The nationwide attack against the Internet access router at the end of November 2016 is a threat to critical communication infrastructures. For this reason, the Federal Criminal Police Office was responsible for investigations on behalf of ZAC NRW. From the outset, Deutsche Telekom AG cooperated with law enforcement agencies. Technical assistance was also provided by the Federal Office for Information Security (BSI) in the analysis of the malicious software used. Successful arrests within the shortest possible time after arrest are the result of a close international cooperation of German, British and Cypriot law enforcement agencies with the participation of Europol and Eurojust. The Act provides for a completed computer abuse in a particularly severe case a imprisonment of 6 months to 10 years. The penalty can be mitigated by the trial. The prosecutor’s office in Cologne carries out the extradition of the accused to Germany. Further information can not be given on the basis of the ongoing investigations at the present time. Dr. Vollmert, Press Officer for Economic Attorneys Prosecutor’s Prosecutor’s Office Cologne Tel: 0221 / 477-4507 Email:

Fun fact: After the hacker kicked out millions of Telekom DSL routers the first reaction was “likely the Russians, destabilising our infrastructure”.

When it became clear that it was a rather amateurish attempt to create a bot net only a few media outlets reported this in the same big letter style…

And now the BKA believes it was a 29 year old British citizen trying to build a DDoS network for hire? “Advanced persistent threat”, my ass. Reminds me of GCHQ’s technical director’s comments on snake oil providers IT security consultants:

“If you call it an advanced persistent threat, you end up with a narrative that basically says ‘you lot are too stupid to understand this and only I can possibly help you – buy my magic amulet and you’ll be fine.’ It’s medieval witchcraft, it’s genuinely medieval witchcraft.” He pointed out that a UK telco had recently been taken offline using a SQL injection flaw that was older than the hacker alleged to have used it. That’s not advanced by any stretch of the imagination, he said.

nah, the sentence is continued on the second page. it’s one of the ugly intertwined sentences only German bureaucracy can produce - I don’t even try to translate it, in my own word it says something like:

the accused is said to have offered the bot net for hire, advertising in the dark net. the purpose of the bot net would have been any computer attack, like DDoS.


I initially misread the headline as “British police suspected in last November’s me-too Mirai botnet floods” because frankly it seemed more likely that the whole thing was some police hacking op that went totally out of control then cops might catch anyone responsible. Color me pleasantly surprised, even though we don’t know that second part is true, yet.

1 Like


the press release does say nothing about the day job of the accused, though ; )

1 Like

Guess that one’s out of reach for me, being a fair bit older than SQL itself…

1 Like

This topic was automatically closed after 5 days. New replies are no longer allowed.