A Russian telecommunications company that develops technology that allows phone and Internet companies to conduct surveillance and web censorship was hacked, its website defaced and data stolen from its servers, according to TechCrunch.
Founded in Russia, Protei builds telecommunications systems for phone and Internet providers in dozens of countries, including Bahrain, Italy, Kazakhstan, Mexico, Pakistan and much of central Africa. The company, now based in Jordan, sells video conferencing technology and Internet connectivity solutions, as well as surveillance equipment and web filtering products such as deep packet inspection systems.
It is not clear when and how Protei was hacked, but a copy of the company’s website The Internet Archive’s Wayback Machine shows it was defaced on November 8. The site was restored soon after.
During the breach, the hacker obtained the contents of Protei’s web server – approximately 182 gigabytes of files – including emails dating back years.
A copy of the Protei data was given to DDoSecretsa nonprofit transparency collective that indexes leaked datasets in the public interest, including data from law enforcement, government agencies, and companies involved in the surveillance industry.
Mohammad Jalal, the managing director of Protei’s Jordan branch, did not respond to a request for comment on the breach.
The identity of the hacker is not known, nor is their motivation, but the spoofed website read: “another DPI/SORM provider bites the dust.” The message likely refers to the company’s sales of deep packet inspection systems and other Internet filtering technology for the Russian-developed legal monitoring system known as SORM.
SORM is the main legal interception system used throughout Russia as well many other countries that use Russian technology. Telephone and Internet providers install SORM equipment on their networks, which allows their country’s governments to obtain the contents of the calls, text messages, and web browsing data of the networks’ customers.
Deep packet inspection devices allow telcos to detect and filter web traffic based on its source, such as a social media site or a specific messaging application, and selectively block access. These systems are used for surveillance and censorship in areas where freedom of speech and expression is restricted.
Citizen Lab reported in 2023 that Iranian telecommunications giant Ariantel had consulted with Protei about its technology to record web traffic and block access to certain websites. Documents seen and published by Citizen Lab show that Protei touts the ability of its technology to limit or block access to websites for specific individuals or entire segments of the population.
