Last October, floods of traffic from Internet of Things devices infected by the Mirai worm brought down several high-profile internet services, from Level 3 to Dyn to Twitter and Reddit.
At the time, the attack was blamed on Wikileaks supporters, who were said to be outraged that the Ecuadoran embassy in London had changed its wifi password, disconnecting Julian Assange from the internet, in retaliation for the Wikileaks publication of the DNC emails (Assange was quickly reconnected, presumably through a mobile hotspot).
After the high-profile attacks, Mirai botnets flourished and fractured, hybridizing with other strains of malware and taking over hundreds of thousands of devices; as the supply outstripped demand, criminals began to advertise absurdly overpowered botnets of Mirai-compromised DVRs, CCTVs and other devices.
One botnet was dubbed "Shadowkill" and also "Botnet 14," and was used to attack and bring down the entire nation of Liberia, as well as significant parts of Deutsche Telekom's network in Germany.
Now, British police, acting on an international arrest warrant from Cologne, Germany, have taken an unnamed, 29-year-old suspect into custody at an unspecified London airport, claiming he was responsible for Botnet #14. The German authorities are now attempting to extradite their suspect to Germany.
Back in November, a hacker by the name of Bestbuy (also known as Popopret), who was advertising a Mirai botnet-for-hire via XMPP spam messages, claimed responsibility for the attempts to hijack routers in Germany and the UK. Efforts to contact the hacker via usual communications channels were unsuccessful before this article's publication.
UK Police Arrest Suspect Behind Mirai Malware Attacks on Deutsche Telekom
[Catalin Cimpanu/Bleeping Computer]