The Citizen Lab catches ISPs invisibly redirecting download requests for popular programs, injecting them with government spyware


capt_blake

How I connect to nsaneforums, I am thinking...dum-dum...:think::)
:unsure:
******

Ed Snowden on Twitter, today:

“Huge: @Citizenlab catches ISPs invisibly redirecting download requests for popular programs, injecting them with government spyware. Unencrypted web traffic is now provably a critical, in-the-wild vulnerability. 20-30% of top internet sites affected.”

*The Research Article (a summary and the link to the full analysis):*
 

BAD TRAFFIC
Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?
By Bill Marczak, Jakub Dalek, Sarah McKune, Adam Senft, John Scott-Railton, and Ron Deibert
 

This report describes our investigation into the apparent use of Sandvine/Procera Networks Deep Packet Inspection (DPI) devices to deliver nation-state malware in Turkey and indirectly into Syria, and to covertly raise money through affiliate ads and cryptocurrency mining in Egypt.
 

Key Findings
    • Through Internet scanning, we found deep packet inspection (DPI) middleboxes on Türk Telekom’s network. The middleboxes were being used to redirect hundreds of users in Turkey and Syria to nation-state spyware when those users attempted to download certain legitimate Windows applications.
    • We found similar middleboxes at a Telecom Egypt demarcation point. On a number of occasions, the middleboxes were apparently being used to hijack Egyptian Internet users’ unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.
    • After an extensive investigation, we matched characteristics of the network injection in Turkey and Egypt to Sandvine PacketLogic devices. We developed a fingerprint for the injection we found in Turkey, Syria, and Egypt and matched our fingerprint to a second-hand PacketLogic device that we procured and measured in a lab setting.
    • The apparent use of Sandvine devices to surreptitiously inject malicious and dubious redirects for users in Turkey, Syria, and Egypt raises significant human rights concerns.

**
Full:
https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/

Thanks for the article. What do I have to do to prevent this injection? Using VPN? DNS encryption?



15 hours ago, sixoclock said:

Thanks for the article. What do I have to do to prevent this injection? Using VPN? DNS encryption?

Hi,

One thing that has come to my mind, simple:

Be very careful with or avoid altogether downloads over HTTP.
**
Which reminded me: perhaps those two related tweets would also be helpful to you.
1)
https://twitter.com/bcrypt/status/972363426164084736
2)
https://twitter.com/Snowden/status/972115183572267009

"This attack could have been prevented post-2013, when the @IETF considered including mandatory encryption as part of the new HTTP/2.0 standard. But they blocked it despite explicit warnings that without that protection, users would soon face exactly the attacks we see today."

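A practical way to act on the advice in the reply above (avoid downloads over plaintext HTTP, where an on-path middlebox can rewrite the response) is to check a download before running it. The Python below is an added example, not code from the Citizen Lab report or from anyone in this thread. It assumes the client has recorded the chain of URLs a download was redirected through, and that a SHA-256 value for the installer was obtained separately over HTTPS; the vendor hostnames, the IP address, the installer bytes and the pinned hash are all constructed placeholders.

```python
import hashlib
from urllib.parse import urlparse

# Constructed sample data: not a real installer and not a real vendor hash.
GOOD_INSTALLER = b"MZ\x90\x00 constructed placeholder installer bytes"
PINNED_SHA256 = hashlib.sha256(GOOD_INSTALLER).hexdigest()  # as if copied from the vendor's HTTPS page
TAMPERED_INSTALLER = GOOD_INSTALLER + b"\x00 constructed appended bytes"

# Redirect chains: the URL the user requested comes first, the URL the bytes
# actually came from comes last. Hostnames and the IP are placeholders.
CLEAN_CHAIN = ["https://vendor.example/setup.exe", "https://cdn.vendor.example/setup.exe"]
DOWNGRADED_CHAIN = ["http://vendor.example/setup.exe", "http://203.0.113.7/setup.exe"]


def chain_findings(chain):
    """Return a list of (severity, message) for a redirect chain.

    'fail': a plaintext hop; anything on the path could have rewritten it.
    'warn': the host left the vendor's domain; normal for CDNs, but worth a
            look when the final host is a bare IP or unrelated to the vendor.
    """
    findings = []
    first_host = urlparse(chain[0]).hostname or ""
    for i, url in enumerate(chain):
        parts = urlparse(url)
        if parts.scheme.lower() != "https":
            findings.append(("fail", f"hop {i}: plaintext {parts.scheme}:// at {url}"))
        host = parts.hostname or ""
        if host != first_host and not host.endswith("." + first_host):
            findings.append(("warn", f"hop {i}: host changed from {first_host} to {host}"))
    return findings


def sha256_matches(data, expected_hex):
    """True when the downloaded bytes hash to the pinned value."""
    return hashlib.sha256(data).hexdigest() == expected_hex.lower()


def assess_download(chain, data, expected_hex=None):
    """Combine the transport check with the hash check.

    With a pinned hash, the hash decides: injected bytes fail it even when
    the transport looked fine, and matching bytes are accepted even if the
    CDN changed the host. Without a pinned hash there is nothing to verify
    the bytes against, so any plaintext hop is fatal.
    """
    findings = chain_findings(chain)
    if expected_hex is None:
        fatal = any(sev == "fail" for sev, _ in findings)
    elif sha256_matches(data, expected_hex):
        fatal = False
    else:
        findings.append(("fail", "sha256 does not match the pinned value"))
        fatal = True
    return {"verdict": "reject" if fatal else "accept", "findings": findings}


if __name__ == "__main__":
    for label, chain, data, pinned in [
        ("clean download, pinned hash", CLEAN_CHAIN, GOOD_INSTALLER, PINNED_SHA256),
        ("plaintext redirect, tampered bytes", DOWNGRADED_CHAIN, TAMPERED_INSTALLER, PINNED_SHA256),
        ("plaintext redirect, no hash to check", DOWNGRADED_CHAIN, GOOD_INSTALLER, None),
    ]:
        result = assess_download(chain, data, pinned)
        print(f"{label}: {result['verdict']}")
        for sev, msg in result["findings"]:
            print(f"  [{sev}] {msg}")
```

The host-change check is deliberately only a warning: legitimate vendors routinely hand downloads off to a CDN on a different host, so a reject on that alone would produce noise, while a hash mismatch or an unverifiable plaintext fetch is the condition that actually matters.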


7 hours ago, capt_blake said:

Hi,

One thing that has come to my mind, simple:

Be very careful with or avoid altogether downloads over HTTP.
**
Which reminded me: perhaps those two related tweets would also be helpful to you.
1)
https://twitter.com/bcrypt/status/972363426164084736
2)
https://twitter.com/Snowden/status/972115183572267009

"This attack could have been prevented post-2013, when the @IETF considered including mandatory encryption as part of the new HTTP/2.0 standard. But they blocked it despite explicit warnings that without that protection, users would soon face exactly the attacks we see today."

Thanks. From my understanding, most browsers such as Firefox and Chrome now force all traffic through HTTPS, so this should not be a problem anymore, or is my understanding wrong?

 

Brave browser looks interesting. I will give it a try.



On 3/10/2018 at 6:21 PM, sixoclock said:

Thanks. From my understanding, most browsers such as Firefox and Chrome now force all traffic through HTTPS, so this should not be a problem anymore, or is my understanding wrong?

 

Brave browser looks interesting. I will give it a try.

Nazi-Fascist governments invented the internet, they own it and control it, and they micromanage and control us...

Rise up genius brothers and sisters and fight these evil bat rastards and always question authority...



5 hours ago, humble3d said:

Nazi-Fascist governments invented the internet, they own it and control it, and they micromanage and control us...

Rise up genius brothers and sisters and fight these evil bat rastards and always question authority...

 

Hear.... hear....
