Sandvine’s PacketLogic Devices Used to Deploy Government Spyware

canopic jug writes:

The Citizen Lab, at the University of Toronto, reports finding indications of use of Sandvine/Procera Networks Deep Packet Inspection (DPI) devices to deliver malware.

Key Findings

  • Through Internet scanning, we found deep packet inspection (DPI) middleboxes on Türk Telekom's network. The middleboxes were being used to redirect hundreds of users in Turkey and Syria to nation-state spyware when those users attempted to download certain legitimate Windows applications.
  • We found similar middleboxes at a Telecom Egypt demarcation point. On a number of occasions, the middleboxes were apparently being used to hijack Egyptian Internet users' unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.
  • After an extensive investigation, we matched characteristics of the network injection in Turkey and Egypt to Sandvine PacketLogic devices. We developed a fingerprint for the injection we found in Turkey, Syria, and Egypt and matched our fingerprint to a second-hand PacketLogic device that we procured and measured in a lab setting.
  • The apparent use of Sandvine devices to surreptitiously inject malicious and dubious redirects for users in Turkey, Syria, and Egypt raises significant human rights concerns.

The report concludes with a call to make HTTPS ubiquitous. However, the report fails to mention the flaws in the certificate model itself used by HTTPS. That is another can of worms.

Source: Sandvine's PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?

