DDoS Attack Dismissed as T-Mobile Outage: Everything We Know

There was widespread panic on Monday evening when Internet service disruptions and outages hit all over the U.S., leading some to believe that the country was facing a DDoS attack. However, according to a report by Newsweek, cybersecurity experts say there is nothing to fret over. A large-scale service problem with T-Mobile apparently caused the issue.

Everything from social media to banking apps to phone service itself was thrown off in some parts of the U.S. on Monday night, sparking rumors of an intentional attack. These fears were stoked by social media accounts claiming to be affiliated with the hacktivist group Anonymous, saying the U.S. itself was "under a major DDoS attack." DDoS stands for "distributed denial of service" and is a form of cyberattack that floods a server or platform for traffic to take it offline temporarily. In this case, however, that is not what caused Monday's problem.

This site show a random sample of global DDoS traffic badly plotted on a world map. It does not indicate an attack against the US, it lacks context to make any inferences at all (other than DDoS attacks are happening all day every day). pic.twitter.com/8H9PqlIjbd

— MalwareTech (@MalwareTechBlog) June 15, 2020

Cybersecurity experts soon joined in the conversation openly, assuring social media users that there was no evidence of a coordinated attack on any single system. Instead, they soon showed that all the issues could be traced back to T-Mobile. Cloudfare founder Matthew Prince was one of the first to begin reassuring people on Twitter.

"There's a lot of buzz right now about a massive DDoS attack targeting the US, complete with scary-looking graphs. While it makes for a good headline in these already dramatic times, it's not accurate. The reality is far more boring," Prince tweeted.

Prince explained to anyone who would listen that T-Mobile attempted several updates and changes to its network on Monday, and they simply "went badly," causing a "series of failures" for various services associated with their network. "That caused a lot of T-Mobile users to complain on Twitter and other forums that they weren't able to reach popular services. Then services like Down Detector scrape Twitter and report those services as being offline," he explained.

I have found no indication these outages are DDoS related. Rather, there may be Sprint/T-Mobile issues related to a wonky update in the systems from the Sprint side to help merge with T-Mobile. Not sure what may be up w/ other carriers. See: https://t.co/jM6OAvmyfI https://t.co/WN1l8Fu1bp

— briankrebs (@briankrebs) June 16, 2020

"So now people are looking around for an explanation and they stumble across sites like the Arbor Networks attack map. It looks terrifying today! Thing is, it always looks terrifying. It's a marketing gimmick put up to sell DDoS mitigation services," he concluded.

As Prince predicted, none of the accounts that claimed to know that this was a coordinated DDoS attack could offer any proof, but instead only posted frightening rhetoric. When services returned to normal, those accounts were mysteriously silent.

Experts now seem to agree that Monday evening's disruptions were caused by the ongoing merging of T-Mobile and Sprint. T-Mobile acquired Sprint in April and has been gradually combining their networks and infrastructure into one cohesive whole.