
T-Mobile Outage Mistaken for Massive DDoS Attack on U.S.

Wireless carrier T-Mobile on Monday suffered a major outage in the United States that impacted service at other carriers as well, and it ended up being reported as a “massive” distributed denial of service (DDoS) attack.

The incident started around noon and continued to impact T-Mobile’s network throughout the day, leaving millions without voice and text service. For some, data connectivity was also impacted.

Hours into the outage, T-Mobile President of Technology Neville Ray took to Twitter to announce that the carrier was working on resolving the issue, which spurred a long wave of negative responses from discontented customers.

“Our engineers are working to resolve a voice and data issue that has been affecting customers around the country. We’re sorry for the inconvenience and hope to have this fixed shortly,” he said.

Other carriers were also affected by the incident, but reportedly blamed the technical issues they experienced on the outage impacting T-Mobile’s network.

In a statement late on Monday, T-Mobile CEO Mike Sievert said that the issue impacted customers across the country, noting that, despite recovery efforts, it would still take several more hours to fully restore services.

“This is an IP traffic related issue that has created significant capacity issues in the network core throughout the day,” he revealed.

According to Sievert, data services remained operational throughout the outage, but many users complained about their inability to access online services.

Some were quick to categorize the outage as a DDoS attack targeting major services in the United States, based on data from Digital Attack Map (an Arbor Networks service that monitors DDoS attacks) and outage aggregator Downdetector, and citing a tweet from @YourAnonCentral, which speculated on the source of the attack: “it may be China as the situation between South and North Korea is currently deteriorating.”

Matthew Prince, co-founder and CEO of Cloudflare, however, points out that the claims of the outage being caused by a DDoS attack are unsubstantiated, and says that the cited sources are unreliable (cybersecurity expert Marcus Hutchins does the same).

While DDoS attacks happen constantly, every day, there were no signs of a massive assault, based on the amount of traffic observed, and the fact that no major Internet service or platform reported anomalies, Prince notes.

“Except T-Mobile, which is having a bad day almost certainly entirely of their own team’s making. So, please, #hugops. And don’t worry, this is one thing that does not need to get added to the list of craziness that has been 2020,” he concludes.

FCC Chairman Ajit Pai has described the outage as “unacceptable” and says an investigation has been launched.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
