Hacker behind Deutsche Telekom Mirai infection pleads guilty

BestBuy, the hacker arrested at London airport in February under suspicion of infecting over 900,000 Deutsche Telekom routers with an altered version of Mirai malware, pleaded guilty on Friday, German media announced.

The 29 year-old’s identity has not been revealed, but he is occasionally referred to as Spiderman or Popopret. Before the Mirai attack, he was behind the GovRAT malware that hacked a number of US agencies, authorities said. BestBuy has also been linked to the attacks on British internet service provider Post Office and TalkTalk.

The attack on Deutsche Telekom routers in November of 2016 left almost 1 million users (five percent of customers) offline. The arrest follows an international effort by Europol and authorities in UK, Germany and Cyprus.

Once arrested, the hacker claimed that routers malfunctioning was a mistake, as the initial intent was to infect the device to control them remotely for DDoS attacks. After he pleaded guilty, BestBuy claimed he received $10,000 from an ISP in Liberia to attack its competition with DDoS attacks.

An independent investigation by security researcher Brian Krebs claims the hacker BestBuy is in fact a man named Daniel Kay, linked to “a large family in Israel” and to multiple inquiries on the dark web about “weed for sale in Israel.”