Threat Watch

T-Mobile Outage Was not a DDoS Attack

A reported massive DDoS attack turned out to be a misconfiguration at T-Mobile USA. CEO Mike Sievert released a statement saying that they had been experiencing a voice and text issue that has intermittently impacted customers. Sievert also stated, “This is an IP traffic-related issue that has created significant capacity issues in the network core throughout the day. Data services have been working throughout the day, and customers have been using services like FaceTime, iMessage, Google Meet, Google Duo, Zoom, Skype, and others to connect. I can assure you that we have hundreds of our engineers and vendor partner staff working to resolve this issue, and our team will be working through the night as needed to get the network fully operational.” Matt Prince, CEO of Cloudflare, dismissed the reports of a DDoS attack, stating that he saw the issue with T-Mobile “making some changes to their network configurations today” and “unfortunately, it went badly” as the result was six hours “of cascading failures for their users.” Prince also said, “This is no massive DDoS attack. First, traffic from WARP to supposedly impacted services is normal and has no increase in errors. Second, there is no spike in traffic to any of the major internet exchanges, which you do see during actual DDoS attacks and definitely would see during one allegedly this disruptive.”

Source: https://www.theverge.com/2020/6/15/21292024/t-mobile-verizon-att-calls-failing-down-phone-networks-us-carriers

ANALYST NOTES