Governments in Turkey and Syria have been caught hijacking local
internet users' connections to secretly inject surveillance malware,
while the same mass interception technology has been found secretly
injecting browser-based cryptocurrency mining scripts into users' web
traffic in Middle East countries.
This report describes the Citizen Lab investigation into the apparent use of Sandvine/Procera Networks Deep Packet Inspection (DPI) devices to deliver nation-state malware in Turkey and indirectly into Syria, and to covertly raise money through affiliate ads and cryptocurrency mining in Egypt.
Turkey, Syria and Egypt Fingered
Fingers have been pointed at internet providers in Turkey and Syria, which have been secretly injecting surveillance malware, while those in Egypt have been using the same technology to inject browser-based mining malware.
According to reports, ISPs in these three countries are using Deep Packet Inspection technology from Sandvine to intercept and manipulate web traffic and end users’ computers. The technology allows internet providers to prioritize, degrade, block, inject, and log various types of internet traffic on a packet-by-packet basis.
Turkey’s Telecom network has been using Sandvine PacketLogic devices to redirect hundreds of targeted users to malicious websites and spyware. Similar incidents were recorded in Syria, where users have been redirected to spurious versions of antivirus software containing government malware.
In Egypt, telecom operators have gone a step further and are using the technology to secretly inject crypto mining scripts into every HTTP page that users access. Researchers at Citizen Lab found that providers were using a scheme called AdHose to covertly raise money by mining the anonymous altcoin Monero.