Telecom Egypt, a government company, has been diverting Egyptian internet users to cryptocurrency mining or to certain ads by using malware, according to a report published by security analysts at the University of Toronto.
The Citizen Lab researchers found that Sandvine's PacketLogic devices were used to deploy government spyware in Turkey and to redirect Egyptian users to particular ads. They found Deep Packet Inspection (DPI) middleboxes on Türk Telekom's network. The middleboxes were being used to redirect multiple users in Turkey and Syria to spyware when those users tried to download specific legitimate Windows applications. Let's take a look at what exactly happened.
What is DPI?
Deep packet inspection (DPI) is an advanced technique for examining and managing network traffic. It is a form of packet filtering that locates, identifies, classifies, reroutes or blocks packets with specific payloads that conventional packet filtering, which examines only packet headers, cannot detect.
Researchers found that the middleboxes were used to hijack Egyptian Internet users' unencrypted web connections and redirect the users to commercial content such as affiliate ads and browser cryptocurrency-mining payloads. They matched characteristics of the network injection in Turkey and Egypt to Sandvine PacketLogic devices. To do so, they developed a fingerprint for the injection they found in Turkey, Syria, and Egypt and matched that fingerprint to a second-hand PacketLogic device.
The spyware found was similar to that used in the StrongPity APT attacks. Before switching to the StrongPity spyware, the operators of the Turkey injection used the FinFisher "lawful intercept" spyware, which FinFisher asserts is sold only to government entities.
The researchers also found that in Egypt, these devices were being used to block many human rights, political, and news websites, including Human Rights Watch, Reporters Without Borders, Al Jazeera, Mada Masr, and HuffPost Arabic. In Turkey, these devices were being used to block websites such as Wikipedia, the website of the Dutch Broadcast Foundation (NOS), and the website of the Kurdistan Workers' Party (PKK).
Researchers tested websites such as avast.com, iobit.com, and ccleaner.com. These websites used HTTPS on their main pages but sent users to download links that did not use HTTPS, even while the user saw an HTTPS page in their browser.
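The gap described above, an HTTPS page that hands the user a plain-HTTP download link, can be audited from the publisher's side. The following is an added example, not code from the Citizen Lab report or from this article; the vendor.example domain, the sample HTML and the list of download extensions are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# File extensions treated as software downloads (an assumption for this example).
DOWNLOAD_EXTS = (".exe", ".msi", ".zip", ".dmg", ".pkg")


class LinkCollector(HTMLParser):
    """Collects href values from <a> tags."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def insecure_downloads(page_url, html):
    """Return absolute download URLs on an HTTPS page that are fetched over plain HTTP."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("page_url must be an https:// URL")
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href in parser.hrefs:
        absolute = urljoin(page_url, href)  # resolves relative and //host links
        parts = urlsplit(absolute)
        if parts.scheme == "http" and parts.path.lower().endswith(DOWNLOAD_EXTS):
            flagged.append(absolute)
    return flagged


# Constructed sample page; vendor.example is a placeholder domain.
SAMPLE_URL = "https://www.vendor.example/products/"
SAMPLE_HTML = """
<a href="http://download.vendor.example/setup.exe">Download</a>
<a href="/files/tool.msi">Installer (relative, inherits https)</a>
<a href="//cdn.vendor.example/app.zip">Protocol-relative (inherits https)</a>
<a href="http://mirror.vendor.example/App.EXE?src=home">Mirror</a>
<a href="http://www.vendor.example/about.html">About</a>
"""

if __name__ == "__main__":
    for url in insecure_downloads(SAMPLE_URL, SAMPLE_HTML):
        print("plain-HTTP download link:", url)
```

Any link this reports is one an on-path device can rewrite or redirect, because nothing in the download request is authenticated.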
Researcher Bill Marczak of Citizen Lab at the Munk School said, “Leaked documents have long indicated that a number of governments are targeting their opponents by surreptitiously injecting spyware into their internet connections.” You can read the Citizen Lab report here.
The creator of the intrusive hardware is a Canadian firm called Sandvine, which merged with a firm called Procera Networks a year ago. The specialists said that Sandvine called their report “false, deceptive, and wrong.”