
posted by Fnord666 on Monday March 12 2018, @01:06AM
from the value-added-packet-inspection dept.

The Citizen Lab, at the University of Toronto, reports finding indications of use of Sandvine/Procera Networks Deep Packet Inspection (DPI) devices to deliver malware.

Key Findings

  • Through Internet scanning, we found deep packet inspection (DPI) middleboxes on Türk Telekom's network. The middleboxes were being used to redirect hundreds of users in Turkey and Syria to nation-state spyware when those users attempted to download certain legitimate Windows applications.
  • We found similar middleboxes at a Telecom Egypt demarcation point. On a number of occasions, the middleboxes were apparently being used to hijack Egyptian Internet users' unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.
  • After an extensive investigation, we matched characteristics of the network injection in Turkey and Egypt to Sandvine PacketLogic devices. We developed a fingerprint for the injection we found in Turkey, Syria, and Egypt and matched our fingerprint to a second-hand PacketLogic device that we procured and measured in a lab setting.
  • The apparent use of Sandvine devices to surreptitiously inject malicious and dubious redirects for users in Turkey, Syria, and Egypt raises significant human rights concerns.

The report concludes with a call to make HTTPS ubiquitous. However, the report fails to mention the flaws in the certificate model itself used by HTTPS. That is another can of worms.

Source: Sandvine's PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?


  • (Score: 0) by Anonymous Coward on Monday March 12 2018, @03:06PM (#651354)

    Oh, of course, AC pedant! Why not link to something that might offer us a solution?

    Here's one: https://openrisc.io/

    We'll never get there if we just say, whelp, my processor has a lizard person back door, might as well not even try!

    O Inanna Ishtar Libertas,
    Grant me the serenity to accept the things I cannot change,
    Courage to change the things I can,
    And wisdom to know the difference.

  • (Score: 0) by Anonymous Coward on Tuesday March 13 2018, @06:20AM (#651705)

    Why should I? I wasn't the one who said:

    Nobody should be doing anything serious on proprietary software anyway. Running free software is the only way to have ownership over one's own computer. It's so easy these days compared to the 90s for example

    So that AC should be linking to what he's using if he's doing anything serious.

    As far as I can see the AC's concerns are overblown for my use cases. Proprietary software works well enough for me and I make proprietary software too.