An incident involving the Russian telecommunications company - Protei has led to breaches of data security, resulting in stolen sensitive information and a defaced company website. Protei, known for providing technology enabling phone and internet surveillance and censorship across various global markets, was informed by TechCrunch about these breaches.
Established in Russia, Protei specialises in systems for telecommunications providers across numerous nations, including Bahrain, Italy, Kazakhstan, Mexico, Pakistan, and many parts of central Africa.
The company, now operating from Jordan, supplies video conferencing tools, internet connectivity solutions, and various surveillance technologies, such as deep packet inspection systems, which are instrumental in web-filtering processes.
Website defacement and data breach
The hackers accessed about 182 gigabytes of files from Protei's web servers, which included emails
The exact timeline and method of the cyberattack remain ambiguous, but records from the Internet Archive’s Wayback Machine show that the defacement of Protei’s website occurred on November 8.
The website has since been restored. The hackers accessed approximately 182 gigabytes of files from Protei's web servers, which included emails spanning several years.
Data provided to DDoSecrets
The breached data was delivered to DDoSecrets, a nonprofit transparency organisation known for cataloguing leaked data sets that serve the public interest.
These data sets often involve content from law enforcement, governmental entities, and companies active within the surveillance sector.
Mohammad Jalal, Managing Director of Protei’s Jordan office, has not provided any comments regarding this breach.
Motivations behind the hack
SORM stands as the primary lawful intercept system employed across Russia and several other nations
The hacker's identity and motivations remain undetermined. However, the defaced website displayed a message: 'another DPI/SORM provider bites the dust', likely pointing to Protei's involvement with deep packet inspection systems and its association with the Russian-developed SORM lawful intercept system.
SORM stands as the primary lawful intercept system employed across Russia and several other nations using Russian technology. Telecom providers implement SORM within their networks, permitting governmental access to monitor the communications and web activity of customers.
Implications for telecom providers
Deep packet inspection devices empower telecommunications companies to analyse and manage web traffic based on its origin, for example, a social media platform or a specific messaging app, thereby enabling selective blocking or monitoring. These technologies are prominently used in regions with restricted freedom of speech and expression.
The Citizen Lab's 2023 report highlighted that Iranian telecoms company - Ariantel consulted with Protei concerning technology for internet traffic logging and curtailing access to selected websites. Documents released by The Citizen Lab reveal Protei's promotion of its technology's capabilities to limit or completely block internet access for specific individuals or large population groups.
Learn why leading casinos are upgrading to smarter, faster, and more compliant systems
