Massive Telecom Outage In 12 Countries Caused By Ericsson Fail, Not Cyber Attack: But study and consider impact

Massive telecom outages hit customers in 11 nations, with some of the worst impact reportedly in Japan. All indications this huge outage was NOT cyberwar, but studying this glitch may inform how nation’s and citizens can respond and react to some cyberattacks.

Some of the best reporting so far is at the Verge and ZDNet:

The Verge reports:

Ericsson has confirmed that a fault with its software was the source of yesterday’s massive network outage, which took millions of smartphones offline across the UK and Japan and created issues in almost a dozen countries. In a statement, Ericsson said that the root cause was an expired certificate, and that “the faulty software that has caused these issues is being decommissioned.” The statement notes that network services were restored to most customers on Thursday, while UK operator O2 said that its 4G network was back up as of early Friday morning.

Although much of the focus was paid to outages on O2 in the UK and Softbank in Japan. Ericsson later confirmed to Softbank that issues had simultaneously affected telecom carriers who’d installed Ericsson-made devices across a total of 11 countries. Softbank said that the outage affected its own network for just over four hours.

ZDNet reports:

Over in Japan, SoftBank said its outage extended from 1.39pm until 6.04pm JST on Thursday, with SoftBank and Y!mobile 4G LTE mobile phone services, Ouchi-No-Denwa fixed-line services, and SoftBank Air services affected.

The outage was “caused by Ericsson-made software errors related to its packet switches, covering our customers nationwide”, SoftBank explained. It is still investigating how many customers were impacted.

“At 1.39pm on Thursday, December 6, 2018, the SoftBank Network Center detected software’s malfunction in all of the packet switching machines manufactured by Ericsson, which are installed at the Tokyo Center and the Osaka Center, covering our mobile customers nationwide,” SoftBank said.

“After the incident, SoftBank received a report from Ericsson that the software has been in operation since nine months ago and the failure caused by the same software also occurred simultaneously in other telecom carriers across 11 countries, which installed the same Ericsson-made devices.

“The network was recovered to the normal operation by adapting the older version of the software to all packet switching machines.”



ThreatBrief will plan on continuing to analyze and report on this outgage, focusing on lessons that cyber defenders should consider.