Hacking, censorship, and surveillance are spreading across the globe. In many eastern countries, government-made spyware is used to collect data on users, not only criminals but also law-abiding ones. In some ways, the United States (or America) is made out to be some sort of vestige of free speech and freedom when it comes to the internet. We’ve seen slashing reforms to internet freedom in recent times, giving more power to ISPs than ever before to handle customer data as they see fit. And now a new revelation has come out that American-made hardware, sold by a Canadian company, has been used along the Turkey/Syria border to hack internet users.
Who made the American Hardware?
The hardware used to hack internet users consisted of PacketLogic devices from Procera, a California-based company that recently merged with the Canada-based network management firm Sandvine, which is owned by the American private equity group Francisco Partners.
Just to be clear, that’s an American company folded into a Canadian company owned by an American company. Ron Deibert, a director of the internet watchdog group Citizen Lab, published a report on his findings that the technology was being used for hacking along the Turkey/Syria border. He explains how the technology, once unleashed, can have drastic consequences, even worldwide.
“These companies are not closely regulated — and that can lead to a lot of unintended consequences, including consequences that harm our foreign policy interests and human rights interest as well,” said Deibert. “It’s a strong argument for government control over this kind of technology.”
Sandvine Company Responds to Allegations
Citizen Lab hasn’t provided Sandvine with all its findings, but Sandvine has responded that it wants to conduct a full investigation once it has all the data. It has also tried to explain away the findings by claiming they were inaccurate and misleading, but Sandvine hasn’t offered any proof of that either.
How did Citizen Lab find out that an American company made the technology used to deploy the spyware along the border? Citizen Lab explains that it began looking after a European cybersecurity company reported that network service providers in two unidentified countries were using network injection (malicious software injected into traffic by whoever controls the network) to spy on users.
The injection worked like this: the Sandvine hardware would watch for requests to download certain popular apps, like VLC media player, Avast Antivirus, or even Skype. If a request came through from a targeted IP, the user would be redirected to a malicious download without any indication. However, in order for this to happen, the website in question would have to be encrypted.
How was Sandvine Company Accused of Selling Hardware?
The activity was traced back to the Turkish provinces of Adana, Hatay, Gaziantep, Diyarbakir and to the Turkish capital, Ankara, as well as parts of northern Syria and Egypt. The lead author of the report warns not to underestimate the power of network injection. “This can potentially be used to target anyone in the country with the click of the button,” said Bill Marczak.
Turk Telecom, one of the telecom companies accused of using network injection, allegedly through American hardware bought from Sandvine, has claimed that it is not guilty. It says that the company “does not redirect any internet user to receive malicious downloads of popular software applications.”
Why does Turk Telecom matter? This isn’t the first time that Sandvine’s ties to Turk Telecom have been investigated. In 2016, Procera employees were very upset at selling hardware to Turk Telecom, so they ended up quitting. Not only that, but many of Procera’s employees work in Egypt or Turkey, with one employee on LinkedIn claiming to have an interest in state-sanctioned surveillance or “lawful interception”.
How to Protect Against Network Injection?
It’s easy to see why the Procera technology has been connected to the network injection after examining where the activity has taken place, as well as the former ties between the American-made hardware and where it’s been sold in Turkey. It’s unfortunate that the technology is being used in a malicious manner to conduct network injection to spy on internet users, particularly during an event that can have political ramifications concerning what is happening along the border with the Turks and the Kurds in Syria.
In order to protect against network injection techniques, you can use a VPN to encrypt your traffic and keep potentially dangerous files from being injected into it. A VPN is a secure tunnel, and all your web activity passing through it will be immune to packet injection vulnerabilities. Since VPNs are resistant to governments that can’t crack encryption keys and ciphers like AES-256, it’s impossible to intercept network traffic and disrupt or spy on your internet!
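Alongside a VPN, a recorded download can be checked for the silent redirect described earlier and for a tampered installer. The Python below is an added example, not code from the original article or from Citizen Lab's report; the host names, sample hops, installer bytes and function names are all constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: hosts the vendor is known to serve installers from (constructed names).
TRUSTED_HOSTS = {"downloads.vendor.example", "cdn.vendor.example"}

def audit_redirect_chain(chain, trusted_hosts=TRUSTED_HOSTS):
    """Return findings for one recorded download.

    chain is a list of (url, status, location) hops in request order, as
    captured from a proxy log or an HTTP client that records redirects.
    """
    findings = []
    for hop, (url, status, location) in enumerate(chain):
        parts = urlsplit(url)
        if parts.scheme != "https":
            # A plaintext hop can be rewritten by whoever controls the network.
            findings.append((hop, "plaintext-hop", url))
        if parts.hostname not in trusted_hosts:
            findings.append((hop, "untrusted-host", url))
        if 300 <= status < 400 and location:
            target = urlsplit(location)
            if parts.scheme == "https" and target.scheme == "http":
                findings.append((hop, "https-downgrade", location))
    return findings

def installer_matches(data, expected_sha256):
    """Compare downloaded bytes with a digest obtained out of band."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256.lower())

# Constructed sample data: one direct HTTPS download, one redirected download.
CLEAN = [("https://downloads.vendor.example/player-setup.exe", 200, None)]
REDIRECTED = [
    ("http://downloads.vendor.example/player-setup.exe", 302,
     "http://mirror.unknown.example/player-setup.exe"),
    ("http://mirror.unknown.example/player-setup.exe", 200, None),
]
GOOD_BYTES = b"constructed installer bytes"
GOOD_SHA256 = hashlib.sha256(GOOD_BYTES).hexdigest()

if __name__ == "__main__":
    for name, chain in (("clean", CLEAN), ("redirected", REDIRECTED)):
        print(name, audit_redirect_chain(chain))
    print("hash ok:", installer_matches(b"tampered bytes", GOOD_SHA256))
```

The digest passed to `installer_matches` has to come from a channel the network operator cannot rewrite, otherwise the comparison proves nothing.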