Sandvine Products and Technology Used by Egypt, Turkey, and Syrian Governments to Install Spyware and Monero Mining. A Canadian security and human rights research group Citizen Lab has discovered that Turkey, Egypt, and Syrian governments are involved in the hijacking of local internet connections for the purpose of injecting surveillance malware.

Moreover, Citizen Lab, run by the University of Toronto’s Munk School of Global Affairs, stated that they identified Sandvine PacketLogic devices and Deep Packet Inspection technology installed in Türk Telecom and Telecom Egypt networks for injecting browser-based Coinhive Monero cryptomining scripts into web traffic and for ensuring political censorship. The research group noted that not only governments of the identified countries but also agencies and ISPs are benefitting from Sandvine’s technology to intercept and change web traffic.

It must be noted that Deep Packet Inspection technology allows ISPs to prioritize, block, inject, degrade and log different types of internet traffic and assess every packet to keep track of online activities of users. Perhaps, this is why internet users in Egypt, Turkey, and Syria were redirected to nation-wide distributed spyware when they attempted to download authentic Windows applications.

This was made possible by the deep packet inspection boxes that are installed at telecom networks across Turkey and Egypt. Researchers wrote in their report, published on Friday, that this discovery raises “significant human rights concerns.” The Windows applications users in Egypt, Turkey, and Syria tried to download from CBS Interactive’s Download.com included Avast Antivirus, 7-Zip, Opera and CCleaner.

They attempted to download these applications from official vendor websites but were diverted to malware-infected versions of the applications via HTTP redirects. Researchers believe that this redirection became possible because despite supporting HTTPS, the official websites for these programs by-default directed users to non-HTTP downloads. Read more from hackread.com…

thumbnail courtesy of hackread.com