
posted by Fnord666 on Monday March 12 2018, @01:06AM
from the value-added-packet-inspection dept.

The Citizen Lab, at the University of Toronto, reports finding indications of use of Sandvine/Procera Networks Deep Packet Inspection (DPI) devices to deliver malware.

Key Findings

  • Through Internet scanning, we found deep packet inspection (DPI) middleboxes on Türk Telekom's network. The middleboxes were being used to redirect hundreds of users in Turkey and Syria to nation-state spyware when those users attempted to download certain legitimate Windows applications.
  • We found similar middleboxes at a Telecom Egypt demarcation point. On a number of occasions, the middleboxes were apparently being used to hijack Egyptian Internet users' unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.
  • After an extensive investigation, we matched characteristics of the network injection in Turkey and Egypt to Sandvine PacketLogic devices. We developed a fingerprint for the injection we found in Turkey, Syria, and Egypt and matched our fingerprint to a second-hand PacketLogic device that we procured and measured in a lab setting.
  • The apparent use of Sandvine devices to surreptitiously inject malicious and dubious redirects for users in Turkey, Syria, and Egypt raises significant human rights concerns.

The report concludes with a call to make HTTPS ubiquitous. However, the report fails to mention the flaws in the certificate model itself used by HTTPS. That is another can of worms.
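The injection the report describes works because the middlebox sits on the path and answers a plain-HTTP request before the real server can. At the client, that race leaves a trace: two TCP segments claiming the same sequence number with different contents, the first one a redirect and the later one the origin's genuine reply. The following detector is an added example written for this page; it is not code from the Citizen Lab report or from Sandvine, and the addresses, TTLs, redirect target and packet records in it are constructed for illustration (Citizen Lab's own fingerprint is not reproduced here).

```python
"""Flag in-path HTTP response injection in a list of captured TCP segments.

Added example, not code from the Citizen Lab report. Assumption: the injector
races the origin server, so the client sees two segments for the same TCP
sequence number, the first (the injection) carrying a redirect and a later one
(the origin's real reply) carrying the original content. Sample packets below
are constructed; hosts, ports, TTLs and the redirect target are made up.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Flow = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Segment:
    """Server-to-client TCP segment reduced to the fields the check needs."""
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    ttl: int
    payload: bytes


@dataclass(frozen=True)
class Finding:
    flow: Flow
    seq: int
    status_first: str        # status line of the segment the client's TCP stack accepts
    status_later: str        # status line of the later duplicate (the origin's real reply)
    ttl_delta: int           # TTL difference; non-zero means the two came over different path lengths
    location: Optional[str]  # redirect target carried by the winning segment, if any


def status_line(payload: bytes) -> str:
    return payload.split(b"\r\n", 1)[0].decode("latin-1", "replace")


def header(payload: bytes, name: bytes) -> Optional[str]:
    """Return one header value from an HTTP response payload, or None."""
    head, _, _ = payload.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:
        key, _, value = line.partition(b":")
        if key.strip().lower() == name.lower():
            return value.strip().decode("latin-1", "replace")
    return None


def find_injections(segments: List[Segment]) -> List[Finding]:
    """Report flows where two segments claim one seq with different payloads.

    A retransmission repeats the same bytes and is ignored. Two different
    payloads for the same sequence number cannot both come from the origin's
    TCP stack; the first to arrive wins in the client, which is exactly the
    race an in-path injector relies on. Input order is capture order.
    """
    by_seq: Dict[Tuple[Flow, int], List[Segment]] = defaultdict(list)
    for s in segments:
        by_seq[((s.src, s.sport, s.dst, s.dport), s.seq)].append(s)

    findings: List[Finding] = []
    for (flow, seq), segs in by_seq.items():
        distinct: List[Segment] = []
        for s in segs:
            if all(s.payload != d.payload for d in distinct):
                distinct.append(s)
        if len(distinct) < 2:
            continue
        first, later = distinct[0], distinct[1]
        findings.append(Finding(
            flow=flow, seq=seq,
            status_first=status_line(first.payload),
            status_later=status_line(later.payload),
            ttl_delta=first.ttl - later.ttl,
            location=header(first.payload, b"Location"),
        ))
    return findings


# Constructed capture: a plain-HTTP installer download answered twice.
ORIGIN = ("203.0.113.10", 80)       # made-up legitimate download host
CLIENT = ("198.51.100.7", 51234)    # made-up client
INJECTED = (b"HTTP/1.1 307 Temporary Redirect\r\n"
            b"Location: http://mirror.example.invalid/setup.exe\r\n"
            b"Content-Length: 0\r\n\r\n")
GENUINE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
           b"Content-Length: 1048576\r\n\r\nMZ\x90\x00")
SAMPLE = [
    Segment(*ORIGIN, *CLIENT, seq=1001, ttl=57, payload=INJECTED),  # arrives first, fewer hops away
    Segment(*ORIGIN, *CLIENT, seq=1001, ttl=44, payload=GENUINE),   # origin's real reply, loses the race
    Segment(*ORIGIN, *CLIENT, seq=1001, ttl=44, payload=GENUINE),   # plain retransmission, not flagged
    Segment("203.0.113.20", 80, *CLIENT, seq=5000, ttl=50, payload=b"HTTP/1.1 200 OK\r\n\r\n"),
]

if __name__ == "__main__":
    for f in find_injections(SAMPLE):
        print(f"{f.flow} seq={f.seq}: first={f.status_first!r} later={f.status_later!r} "
              f"ttl_delta={f.ttl_delta} location={f.location}")
```

In a real capture the segments would come from a pcap of the client side of the connection; the check is only meaningful for cleartext HTTP, which is the point of the report's call for HTTPS. A TTL delta alone is weak evidence, since paths change, so the function keys on the conflicting payloads and reports the TTL difference as supporting context.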

Source: Sandvine's PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?



  • (Score: 2) by archfeld on Monday March 12 2018, @01:46AM

    by archfeld (4650) <treboreel@live.com> on Monday March 12 2018, @01:46AM (#651164) Journal

    A voice giving the MiB statement in Inspector Clouseau's horribly cheesy accent...

    "We are above the law, we are beyond the law, we are the bomb in the internet"

    --
    For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
  • (Score: 4, Interesting) by black6host on Monday March 12 2018, @02:45AM

    by black6host (3827) on Monday March 12 2018, @02:45AM (#651178) Journal

    The report concludes with a call to make HTTPS ubiquitous. However, the report fails to mention the flaws in the certificate model itself used by HTTPS. That is another can of worms.

    You know, folks have always tried to keep one step ahead of those who would steal from them. Haven't found a suitable solution in all of mankind's existence. Plug one hole and another is open.

    Ok, let me be motivational! When a door closes a window opens! Well, at least for the thieves. They'll make a damned window :)

  • (Score: 1, Interesting) by Anonymous Coward on Monday March 12 2018, @03:09AM (5 children)

    by Anonymous Coward on Monday March 12 2018, @03:09AM (#651182)

    That's one of the reasons why you should remove CAs like TÜRKTRUST that you are unlikely to ever need to trust.

    For my usage and practice I feel self-signed certs are more secure than relying on the TLS CA system. I might get pwned the first time around (if I don't or can't check) but if I'm not pwned, from then on it's much harder for me to get pwned. Whereas if you mark any CA as trusted you can get pwned if ever any one of the CA's you trust screws up.

    It's worse on Windows. CAs can and will get autoadded silently: https://www.proper.com/root-cert-problem/ [proper.com]

    So on Windows you should use stuff like Firefox that has their own CA system and not Chrome which uses Microsoft's.

    • (Score: 0) by Anonymous Coward on Monday March 12 2018, @04:26AM (4 children)

      by Anonymous Coward on Monday March 12 2018, @04:26AM (#651196)

      Nobody should be doing anything serious on proprietary software anyway.

      Running free software is the only way to have ownership over one's own computer. It's so easy these days compared to the 90s for example, though I certainly made do back then. Anybody who values their digital privacy and freedom has no excuse not to primarily run free software.

      Using Windows for games I think is fine. Everybody needs to unwind every now and then. I'm not holding my breath for game publishers to switch to publishing on free software.

      • (Score: 0) by Anonymous Coward on Monday March 12 2018, @04:33AM

        by Anonymous Coward on Monday March 12 2018, @04:33AM (#651197)

        Yesterday: Windows XP + fewer online games

        Today: Windows 10 + online Steam even for single player games

      • (Score: 1, Insightful) by Anonymous Coward on Monday March 12 2018, @09:22AM (2 children)

        by Anonymous Coward on Monday March 12 2018, @09:22AM (#651264)

        Nobody should be doing anything serious on proprietary software anyway.

        Running free software is the only way to have ownership over one's own computer. It's so easy these days compared to the 90s

        Proprietary software like Intel's and AMD's? What "free software" computer are you using?

        https://www.theregister.co.uk/2018/01/12/intel_amt_insecure/ [theregister.co.uk]
        https://en.wikipedia.org/wiki/Intel_Management_Engine [wikipedia.org]
        https://www.coreboot.org/Intel_Management_Engine#Why_there_is_no_replacement_for_it_yet [coreboot.org]

        https://hothardware.com/news/amd-confirms-it-will-not-be-opensourcing-epycs-platform-security-processor-code [hothardware.com]

        You might be able to neutralize some of it: https://hackaday.com/2016/11/28/neutralizing-intels-management-engine/ [hackaday.com]

        But that's not the same as not running proprietary software.

        • (Score: 0) by Anonymous Coward on Monday March 12 2018, @03:06PM (1 child)

          by Anonymous Coward on Monday March 12 2018, @03:06PM (#651354)

          Oh, of course, AC pedant! Why not link to something that might offer us a solution?

          Here's one: https://openrisc.io/ [openrisc.io]

          We'll never get there if we just say, whelp, my processor has a lizard person back door, might as well not even try!

          O Inanna Ishtar Libertas,
          Grant me the serenity to accept the things I cannot change,
          Courage to change the things I can,
          And wisdom to know the difference.

          • (Score: 0) by Anonymous Coward on Tuesday March 13 2018, @06:20AM

            by Anonymous Coward on Tuesday March 13 2018, @06:20AM (#651705)

            Why should I? I wasn't the one who said:

            Nobody should be doing anything serious on proprietary software anyway. Running free software is the only way to have ownership over one's own computer. It's so easy these days compared to the 90s for example

            So that AC should be linking to what he's using if he's doing anything serious.

            As far as I can see the AC's concerns are overblown for my use cases. Proprietary software works well enough for me and I make proprietary software too.

  • (Score: 0, Troll) by cocaine overdose on Monday March 12 2018, @10:09AM

    Bless your kind hearts, Citizen Lab. Making CAs money, while contributing to the hysteria of TLS. And a big thank you to anyone who still uses Windows. If it weren't for you, all those heroin-dozing Russians wouldn't be able to afford their daily meds.