SwanBitcoin445X250

A bombshell investigation by the University of Toronto’s Citizen Lab reveals startling evidence that sophisticated malware developed by a Canadian software firm was disseminated through a prominent Egyptian telecom company, infecting user devices with cryptocurrency mining scripts.

A detailed investigative report[1] published today by Citizen Lab[2] at the University of Toronto's Munk School of Global Affairs describes what might be the new standard in a long line of malicious cryptocurrency mining schemes.

The report summarizes how "middlebox" technology – created by the Canada-based Sandvine Corporation[3] – was used to "deliver nation-state malware in Turkey and indirectly into Syria, and to covertly raise money through affiliate ads and cryptocurrency mining in Egypt."

Middleboxes are a type of software tool used to conduct what is known as deep packet inspection (DPI), which is a way to thoroughly scrutinize internet data. Sandvine calls its DPI product PacketLogic.    [4]

Citizen Lab used a technique known as internet scanning to track middlebox activity on Türk Telekom, Turkey's formerly state-run telecommunications company (which has since been privatized), and create a digital profile of that activity. That profile, essentially a digital fingerprint, was compared against that of Egypt's primary telecom company, Telecom Egypt.  [5][6][7]

When Telecom Egypt's profile was found to be similar to Turkey's, Citizen Lab created a control group to verify its suspicions. The report states, "We developed a fingerprint for the injection we found in Turkey, Syria, and Egypt and matched our fingerprint to a second-hand PacketLogic device that we procured and measured in a lab setting."

"On a number of occasions, the middleboxes were apparently being used to hijack Egyptian Internet users' unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts."

Citizen Lab concluded, "DPI equipment that matches our Sandvine PacketLogic fingerprint is installed on Telecom Egypt's network at Egypt's borders, and is used to deliver affiliate ads, cryptocurrency mining scripts, and perhaps nation-state spyware, to Egyptian Internet users."

Jordan Daniell is a full-time staff writer for ETHNews with a passionate interest in techno-social developments and cultural evolution. Jordan enjoys the outdoors, especially astronomy, and likes to play the bag pipes and explore southern California on foot in his spare time. Jordan lives in Los Angeles and holds value in Ether.


ETHNews is committed to its Editorial Policy[8]

Like what you read? Follow us on Twitter @ETHNews_[9] to receive the latest , or other Ethereum technology news.

References

  1. ^ investigative report (citizenlab.ca)
  2. ^ Citizen Lab (citizenlab.ca)
  3. ^ Sandvine Corporation (www.bloomberg.com)
  4. ^ deep packet inspection (www.infosectoday.com)
  5. ^ internet scanning (deibert.citizenlab.ca)
  6. ^ Türk Telekom (www.turktelekom.com.tr)
  7. ^ Telecom Egypt (www.te.eg)
  8. ^ Editorial Policy (www.ethnews.com)
  9. ^

Read more from our friends at ETH News: