No, that wasn't a DDoS attack, just a cellular outage

A T-mobile outage was mistakenly considered a DDoS attack on Monday. (Getty Images)


Written by

If Anonymous actually knows about a cyberattack that knocked telecommunications services throughout the U.S. offline Monday, then its members aren’t saying much.

A Twitter account claiming to be attached to the once formidable hacking group on Monday stated, without evidence, that the U.S. was enduring a distributed denial-of-service attack, perhaps from China. The tweets, sent by the @YourAnonCentral account to its 6.5 million followers, coincided with outages for T-Mobile customers in multiple cities. Two messages claiming a DDoS attack was underway had received more than 17,000 retweets by press time, while other Anonymous accounts also amplified the allegations without providing any additional insight.

Neville Ray, chief technology officer at T-Mobile, said Tuesday that the company had fixed the issues.

Security experts quickly pinned the issue on T-Mobile network configuration issues which resulted in the hours of downtime for customers, rather than a malicious DDoS meant to knock services offline by flooding them with internet traffic. Instead of acknowledging the more complicated reality, Anonymous amplified screenshots of a DDoS attack map that the security firm Arbor Networks uses as marketing to create interest in its product. In another message, Anonymous speculated China may have been the source of an attack, “as the situation between South and North Korea is currently deteriorating.”

The National Capital Region Threat Intelligence Consortium, an information sharing center sanctioned by the U.S. Department of Homeland Security, advised telecommunication firms to avoid unsubstantiated suggestions.

“The NTIC Cyber Center has not received any reputable information regarding any wide scale DDoS attacks impacting mobile carriers within the United States and urges members to verify sources and information before sharing via social media or other platforms,” said a notification sent Monday obtained by CyberScoop.

It was only the latest example of Anonymous aiming to boost its social media presence by capitalizing on unfolding news events, while ignoring the nuance. An offshoot of the famously decentralized group previously claimed to leak email addresses and passwords apparently stolen from a Minneapolis police website as retaliation for the killing of George Floyd. In fact, many of those credentials had been leaked years before in unrelated data breaches.

A range of experienced security practitioners including Marcus Hutchins, the researcher who is known for stopping the WannaCry ransomware outbreak, quickly debunked Anonymous’ claims, taking specific issue with the Digital Attack Map, which “lacks context to make any inferences at all.”

YourAnonCentral did not immediately respond to a message seeking comment.

The NTIC alert is available in full below.

Sean Lyngaas contributed reporting.

[documentcloud url=”” responsive=true]

-In this Story-

Anonymous, DDoS, T-Mobile