The British man suspected of carrying out the DDoS attack on 900,000 Deutsche Telekom home broadband reuters in November 2016 has been arrested at Luton airport just outside London.
The DDoS attack saw 900,000 routers, and by extension, the service of broadband briefly stopped. As they use the same routers, customers of UK ISP TalkTalk and the UK's Post Office's broadband customers were also affected by this.
Arrested by the UK's National Crime Agency (NCA), by request of Germany's federal police (BKA) under a European Arrest Warrant, Germany is now expected to seek extradition of the 29-year-old to face charges of computer sabotage.
In a German-language statement, the BKA said the attack last year was "particularly serious" and was carried out in a bid to enroll the home routers in a botnet.
The statement explains that Federal police are involved because the attack was classed as a threat to Germany's national communication infrastructure.
Public prosecutor Dr Daniel Vollmert from Cologne, Germany, told the Press Association, "he is accused of being the mastermind behind the attack.”
The routers were believed to have a particular vulnerability, and all found using IoT search engine Shodan. Once detected, it was hijacked using the vulnerability, and then used to mount a DDoS attack.
The attack is believed to have been carried out using a variant of the Mirai malware, which caused much havoc in late 2016 as it was used in the attacks on DNS provider Dyn, French web hosting company OVH and the website of security researcher Brian Krebs.
