Governments in Turkey and Syria have been caught hijacking local internet users’ connections to secretly inject surveillance malware, while the same mass interception technology has been found secretly injecting browser-based cryptocurrency mining scripts into users’ web traffic in Egypt.
Governments, or agencies linked to them, and ISPs in the three countries are using Deep Packet Inspection technology from Sandvine (which merged with Procera Networks last year) to intercept and alter Internet users’ web traffic.
Deep packet inspection technology allows ISPs to prioritize, degrade, block, inject, and log various types of Internet traffic. In other words, they can analyze each packet in order to see what you are doing online.
According to a new report by Citizen Lab, Turkey’s Telecom network was using Sandvine PacketLogic devices to redirect hundreds of targeted users (journalists, lawyers, and human rights defenders) to malicious versions of legitimate programs bundled with FinFisher and StrongPity spyware when they tried to download them through official sources.
“This redirection was possible because official websites for these programs, even though they might have supported HTTPS, directed users to non-HTTPS downloads by default,” the report reads.
A similar campaign has been spotted in Syria, where Internet users were silently redirected to malicious versions of various well-known applications, including Avast Antivirus, CCleaner, Opera, and 7-Zip, bundled with government spyware.
In Turkey, Sandvine PacketLogic devices were being used to block websites like Wikipedia and the sites of the Dutch Broadcast Foundation (NOS) and the Kurdistan Workers’ Party (PKK).
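The redirection described above depended on download links served over plain HTTP. The following is an added example, not code from the Citizen Lab report or from this article: a check a site operator could run over a download page's HTML to list download links that would be fetched without HTTPS. The host names, the sample page and the extension list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# File extensions treated as software downloads (assumption for this example).
DOWNLOAD_EXTS = (".exe", ".msi", ".dmg", ".pkg", ".zip", ".7z", ".apk")


class _LinkCollector(HTMLParser):
    """Collects the href value of every <a> tag on the page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href.strip())


def insecure_downloads(page_url, html):
    """Return absolute download URLs on the page that use plain HTTP."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        # urljoin resolves relative and scheme-relative (//host/...) links,
        # which inherit the scheme of the page they appear on.
        absolute = urljoin(page_url, href)
        parts = urlparse(absolute)
        if parts.scheme == "http" and parts.path.lower().endswith(DOWNLOAD_EXTS):
            findings.append(absolute)
    return findings


# Constructed sample page: an HTTPS site whose main download link is HTTP.
SAMPLE_URL = "https://vendor.example/download"
SAMPLE_HTML = """
<a href="http://cdn.vendor.example/setup.exe">Download</a>
<a href="https://cdn.vendor.example/setup-x64.msi">Download (64-bit)</a>
<a href="//mirror.vendor.example/tool.zip">Mirror</a>
<a href="/files/portable.7z">Portable</a>
<a href="http://vendor.example/about.html">About</a>
"""

if __name__ == "__main__":
    for url in insecure_downloads(SAMPLE_URL, SAMPLE_HTML):
        print("plain-HTTP download:", url)
```

The check only inspects links present in the HTML; an HTTPS link that the server later redirects to HTTP would need the redirect chain followed as well.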
ISPs Injected Cryptocurrency Mining Scripts Into Users’ Web Browsers
However, in Egypt, Sandvine PacketLogic devices were being used by a Telecom operator to make money by:
- Secretly injecting a cryptocurrency mining script into every HTTP web page users visited in order to mine the Monero cryptocurrency,
- Redirecting Egyptian users to web pages with affiliate ads.
In Egypt, these devices were also being used to block access to human rights, political, and news outlets like Al Jazeera, HuffPost Arabic, Reporters Without Borders, and Mada Masr, as well as NGOs like Human Rights Watch.
Citizen Lab researchers reported their findings to Sandvine, but the company called their report “false, misleading, and wrong,” and also demanded that they return the second-hand PacketLogic device they used to confirm attribution of their fingerprint.
Citizen Lab began this investigation in September last year after ESET researchers published a report revealing that the downloads of several well-known apps were reportedly compromised at the ISP level in two (unnamed) countries to distribute the FinFisher spyware.