The Citizen Lab, at the University of Toronto, reports finding indications that Sandvine/Procera Networks deep packet inspection (DPI) devices are being used to deliver malware.
Key Findings
- Through Internet scanning, we found deep packet inspection (DPI) middleboxes on Türk Telekom's network. The middleboxes were being used to redirect hundreds of users in Turkey and Syria to nation-state spyware when those users attempted to download certain legitimate Windows applications.
- We found similar middleboxes at a Telecom Egypt demarcation point. On a number of occasions, the middleboxes were apparently being used to hijack Egyptian Internet users' unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.
- After an extensive investigation, we matched characteristics of the network injection in Turkey and Egypt to Sandvine PacketLogic devices. We developed a fingerprint for the injection we found in Turkey, Syria, and Egypt and matched our fingerprint to a second-hand PacketLogic device that we procured and measured in a lab setting.
- The apparent use of Sandvine devices to surreptitiously inject malicious and dubious redirects for users in Turkey, Syria, and Egypt raises significant human rights concerns.
The report concludes with a call to make HTTPS ubiquitous. However, the report fails to mention the flaws in the certificate model on which HTTPS itself relies. That is another can of worms.
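The injection described in the findings works by answering a plaintext HTTP request for an installer with a redirect to an attacker-controlled host. As an added example that is not from the report or from Sandvine, the following Python script parses a captured HTTP response and lists the signals a defender would check before trusting such a redirect; the request URL, response and the 203.0.113.10 address are constructed samples, not values from the report.

```python
from urllib.parse import urlsplit

# Constructed sample (not from the report): a plaintext HTTP request for a
# Windows installer answered with a redirect to an unrelated host.
SAMPLE_REQUEST_URL = "http://downloads.example.org/tool-setup.exe"
SAMPLE_RESPONSE = (
    "HTTP/1.1 307 Temporary Redirect\r\n"
    "Location: http://203.0.113.10/tool-setup.exe\r\n"
    "Content-Length: 0\r\n"
    "Connection: close\r\n"
    "\r\n"
)

EXECUTABLE_SUFFIXES = (".exe", ".msi")


def parse_response_head(raw):
    """Split a raw HTTP/1.x response into (status_code, {header: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    status_code = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_code, headers


def redirect_findings(request_url, raw_response):
    """Return the reasons this response looks like an injected redirect."""
    status, headers = parse_response_head(raw_response)
    findings = []
    if not (300 <= status < 400) or "location" not in headers:
        return findings  # not a redirect at all; nothing to flag
    src = urlsplit(request_url)
    dst = urlsplit(headers["location"])
    if dst.hostname and dst.hostname != src.hostname:
        findings.append("cross-host redirect: %s -> %s" % (src.hostname, dst.hostname))
    if dst.scheme == "http":
        findings.append("redirect target stays on plaintext HTTP")
    if src.path.lower().endswith(EXECUTABLE_SUFFIXES):
        findings.append("redirect issued for an executable download")
    if dst.hostname and dst.hostname.replace(".", "").isdigit():
        findings.append("redirect target is a bare IP address")
    return findings


if __name__ == "__main__":
    for finding in redirect_findings(SAMPLE_REQUEST_URL, SAMPLE_RESPONSE):
        print("!", finding)
```

A cross-host redirect on its own is weak evidence, since CDNs redirect legitimately; the signals are meant to be combined and compared against the same request made over HTTPS, which a middlebox cannot rewrite.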
(Score: 0) by Anonymous Coward on Tuesday March 13 2018, @06:20AM
Why should I? I wasn't the one who said:
So that AC should be linking to what he's using if he's doing anything serious.
As far as I can see the AC's concerns are overblown for my use cases. Proprietary software works well enough for me and I make proprietary software too.