COLOGNE, Germany (Reuters) - A British hacker-for-hire was given a suspended sentence by a German court on Friday after confessing to a cyber attack that knocked out the internet for around 1 million Deutsche Telekom (DTEGn.DE) customers.
The 29-year old hacker, who used the online alias “Spiderman”, among other names, also faces criminal charges in Britain, where authorities have requested his extradition.
The attack caused internet outages for about 4.5 percent of Deutsche Telekom’s 20 million fixed-line customers.
“One can’t say exactly what the damages for Telekom are,” the presiding judge, Christof Wuttke, said in handing down the sentence, noting the costs to Germany’s biggest telecom services operator were sizable, but not “lasting”.
The court calculated Deutsche Telekom spent around 1 million euros ($1.2 million), mainly for setting up a national hotline for customer complaints and for weekend overtime pay for security staff.
The regional court in Cologne handed the man, named only as Daniel K., a suspended sentence of one year and eight months for attempted commercial computer sabotage. The maximum sentence was up to 10 years, and prosecutors had asked for two years.
Telekom estimated damages of 2 million euros (1.8 million pounds). A spokeswoman said the company was considering a civil lawsuit. “We will await the written judgment and weigh if we should go with a civil case,” spokeswoman Alexia Sailer said.
Sailer welcomed the conviction as a sign that “attacks on the cyber world are going punished.”
Last November, Daniel K. used a variant of the malicious Mirai botnet code to attack internet routers and turn them into remotely controlled “bots” for mounting large-scale attacks that disrupted websites and computer systems, police have said.
The botnet spread around the world, knocking out internet router equipment at up to a dozen telecom operators around the world, with Germany’s Deutsche Telekom the hardest hit.
British police arrested the hacker in February at Luton airport, north of London, on a request from Germany’s Federal Criminal Police Office (BKA) to charge him with selling his botnet to online criminals. He was sent to Germany for trial.
The malicious code exploited unprotected ports which allow network technicians to fix customers’ routers from afar, but which can also expose the equipment to outside attack. Both the attack and the rapid recovery from it exploited this feature.
One out of every two companies in Germany has been the victim of cyber attacks over the last two years, according to a study by the country’s digital trade group Bitkom published this month.
Reporting by Anneli Palmen and Tom Sims; Writing by Eric Auchard and Maria Sheahan; Editing by Elaine Hardcastle