Telecom Egypt Covertly Redirecting Internet Users To Crypto Mining Sites, Report Says

A study has shown that Egyptian Internet user traffic is being manipulated by govt-linked entities to redirect users to crypto mining sites and ads.

Devices at Telecom Egypt demarcation points have been found to be surreptitiously redirecting Egyptian Internet users to advertisements and cryptocurrency mining sites, according to a report published by Citizen Lab at the University of Toronto on Friday, March 9.

The technology research lab’s report explains that the scheme, referred to as AdHose, operates via middleboxes, computer networking devices for manipulating internet traffic. The report identifies two modes of redirection used on Egyptian citizens: “spray mode” and “trickle mode.” “Spray mode” means that a middlebox “redirects Egyptian Internet users en masse to ads or cryptocurrency mining scripts whenever they make a request to any website,” and is seemingly used “sparingly.”

“Trickle mode” means that only attempts to open certain URLs redirect users to these ads or mining scripts, specifically CopticPope.org (which was formerly the website of the Pope of the Coptic Orthodox Church of Alexandria) and Babylon-X.com (formerly a porn site).

Coinhive, a Monero mining platform that positions itself to sites as an online advertising alternative, was also listed in the table of links to which AdHose middleboxes redirect Egyptian users.

Coinhive has previously been linked to a large case of cryptojacking at the end of January 2018, when hackers ran YouTube ads with a Coinhive script that secretly used up the users’ CPU power for mining. American cable network Showtime was also found to be using Coinhive on two of their websites as an alternative for advertisements back in September of last year, albeit without informing their customers. After Showtime’s surreptitious use of the mining script was exposed, Coinhive announced that in future it would seek permission from users before using their computers to mine Monero.

Citizen Lab’s report showed that the same middlebox that runs AdHose was also responsible for Internet censorship in Egypt, blocking websites for Human Rights Watch and the news outlet Al Jazeera.

The report noted as well that middleboxes in Turkey and Syria were redirecting users attempting to download software to different versions of the same software with spyware attached.

A fingerprint of the network injection performed by the middleboxes, which are deep packet inspection (DPI) devices, was matched to a second-hand PacketLogic device made by Canadian network equipment company Sandvine.

In the report, Sandvine denied that their products could be used in such a manner, and highlighted to Citizen Lab their human rights protection standards that prompt a review of a sale when the customer is in a country ranked low on the Worldwide Governance Indicators.

Citizen Lab writes in their report that Sandvine’s safeguards have “come up short,” and recommends that the company begin engaging in “regular consultation with civil society regarding its human rights due diligence and business ethics program.”

While Egypt’s first Bitcoin exchange was reported to be opening in August 2017, the Egyptian government has taken a hard line against cryptocurrencies in the country. Egypt’s top cleric called Bitcoin (BTC) “unlawful” under Sharia law in January of this year.

A year earlier in February 2017, a Sharia law expert had told Cointelegraph that since Islam has historically only recognized “commodities of intrinsic value” as money, “Bitcoin probably misses the mark.” It is unclear how Monero or Coinhive’s mining script would thus fall under Sharia law.

09.03.2018 / 06:54 87