Cyberattacke Telekom Router
Interview with Dirk Kretzschmar

Deutsche Telekom cyber attacks

30 November 2016

A large-scale cyber attack on routers has led to a failure of telephones, televisions and the internet for Deutsche Telekom customers. In this interview, Dirk Kretzschmar, Managing Director of TÜViT, explains how and why the networks were brought down and what his company can offer for effective protection against such threats from cyberspace.

What happened exactly?

Dirk Kretzschmar: Above all, customers were affected who access the internet, telephone and watch television via routers from various different manufacturers. The hackers were able to gain access to these routers via an unprotected remote maintenance interface and could therefore completely disable the connection between the Deutsche Telekom network, the network in the user’s house and the associated equipment such as telephones and televisions.

Was there a lack of care on the part of customers?

Dirk Kretzschmar: No, there was nothing the customers could do. They buy a product, in this case a router, and assume that it is secure. In my estimation, this attack was not aimed at Deutsche Telekom as a company, but at certain router models which have known weaknesses.

So what were the criminal hackers trying to achieve?

Dirk Kretzschmar: They tried to “take over” as many routers as possible within a short time in order to use them for botnets. They then attempted to bring down various servers by bombarding them with requests. Several weeks ago, a similar cyber attack was directed at Spotify, Netflix, Amazon and Twitter. In that case, criminal hackers made use of internet-capable domestic appliances. We do not know the intended victims in the present case. Based on what we do know, the attack did not achieve its aim, but it did result in the affected routers being permanently separated from the network.

“Affected Telekom customers should disconnect the router from the electrical supply and then connect again after around 30 seconds.“

Dirk Kretzschmar


How can TÜViT provide protection against such cyber attacks?

Dirk Kretzschmar:  As in the present case, hackers particularly like to exploit the IT infrastructure of private households, as they are much less well protected than corporate infrastructures. At TÜViT, playing the role of “good hackers”, we use various methods – such as penetration tests – to identify weaknesses in infrastructure. We also test routers with our Trusted Product Security test procedure – using our very latest knowledge of the threats from cyberspace, updated day by day.

What should those affected by the Telekom attack do now?

Dirk Kretzschmar: Affected Telekom customers should disconnect the router from the electrical supply and then connect again after around 30 seconds. This activates an update for the router software which Telekom has now provided.


Dirk Kretzschmar is the director of TÜViT and an expert in Network