Authorities deny the charges.
According to researchers from the Citizen Lab at the University of Toronto, in Egypt, the authorities or those associated with the highest state officials, used the Internet connection for “a hidden collection of money through affiliate ads and mining of cryptocurrencies in Egypt.”
For this purpose we used a scheme called AdHose. Judging by the description, the government has redirected some of the traffic on the online Coinhive miner, which can mine cryptocurrency Monero. There were also redirects to the sites with advertising.
The whole system worked on the basis of the Telecom operator Telecom Egypt using the device Deep Packet Inspection (DPI), which are, among other things, an instrument of censorship for blocking websites. Network scan in January revealed 5700 devices, 95% of them were “infected” AdHose, however the overall scale remains unknown. In addition, there were also the “point mode” when the forwarding was only with certain sites. One of them was previously a resource CopticPope.org and adult site Babylon-X.com. According to experts, the scheme works today. At the same time, activity was detected in the network of Turk Telekom (Turkey) and Syrian networks.
We have found that the network Türk Telekom used an intermediate device to redirect large numbers of users intending to download some allowed programs, on version those programs that are bundled with spyware. Such “devices” were found at the point of demarcation to the company Telecom Egypt. “Intermediaries” were used to redirect users using Internet providers for affiliate ads as well as scripts, captaining-browser – Citizen Lab
According to Citizen Lab, the DPI equipment the operator has supplied the canadian firm Sandvine/Procera Networks. It belongs to private equity firm Francisco Partners. The firm had previously produced software to filter sites Packetlogic, which, according to the researchers, “may have been used by companies associated with the government of Turkey and Egypt, for the distribution of spyware”.
The aforementioned equipment was used “to redirect hundreds of users in Turkey and Syria on the state download spyware when they tried to download certain apps for Windows.”
In Sandvine stated that this is a false accusation which is misleading.