Protei Hacked: Data Breach and Website Defacement

Telecom Surveillance Firm, Protei, Suffers Data Breach and Website Defacement

A technology company originating from Russia, specializing in the development of web surveillance and censorship tools for telecommunication providers, has been the target of a cyberattack. This incident resulted in the compromise of its website and the theft of data from its servers, as reported by TechCrunch.

Company Overview: Protei

Protei, initially established in Russia, designs and manufactures telecommunications infrastructure utilized by phone and internet service providers in numerous nations.

• These countries include Bahrain, Italy, Kazakhstan, Mexico, Pakistan, and a significant portion of central Africa.

Currently headquartered in Jordan, the company offers a range of products, encompassing video conferencing solutions, internet connectivity, and crucially, surveillance technologies and web-filtering systems like deep packet inspection (DPI).

Details of the Security Breach

The precise timing and method of the breach remain unclear. However, records archived by the Internet Archive’s Wayback Machine indicate the company’s website was defaced on November 8th, with restoration occurring shortly thereafter.

The attacker successfully accessed approximately 182 gigabytes of data from Protei’s web server, including a substantial archive of emails spanning several years.

Data Disclosure and Transparency

A copy of the compromised data was submitted to DDoSecrets, a non-profit organization dedicated to indexing and publicly releasing leaked datasets of public interest. This includes data originating from law enforcement, governmental bodies, and companies operating within the surveillance sector.

Company Response

Mohammad Jalal, the managing director of Protei’s Jordanian branch, initially did not respond to inquiries regarding the breach. Following publication of this report, Jalal stated via email that the company has no current ties to Russia and claims to be unaware of any data exfiltration from their servers.

The Website Defacement Message

The identity and motives of the hacker are currently unknown. The defaced website displayed the message: “another DPI/SORM provider bites the dust.”

This statement likely alludes to the company’s involvement in the sale of deep packet inspection systems and other internet filtering technologies associated with SORM, a Russian-developed lawful intercept system.

Understanding SORM and its Implications

SORM represents the primary lawful intercept system employed in Russia, as well as several other countries utilizing Russian technology.

Telecommunication providers are required to install SORM equipment on their networks, granting governmental authorities access to the content of phone calls, text messages, and web browsing activity of their customers.

Deep Packet Inspection and Censorship

Deep-packet inspection devices empower telecom companies to identify and filter web traffic based on its origin. This allows for the selective blocking of access to specific websites or messaging applications.

Such systems are frequently utilized for surveillance and censorship in regions where freedom of speech and expression are restricted.

Citizen Lab Report and Protei’s Capabilities

A 2023 report by the Citizen Lab revealed that Ariantel, a major Iranian telecommunications company, had consulted with Protei regarding technology for logging internet traffic and blocking access to websites.

Documents reviewed and published by The Citizen Lab demonstrate Protei’s promotion of its technology’s capacity to restrict or block website access to specific individuals or entire populations.

This article has been updated to include a comment from Mohammad Jalal.