Report Shows Egypt is Covertly Mining Cryptocurrency on Citizens’ Computers

The Egyptian government has been called out in a new report that suggests they are not only spying on and censoring their citizens’ internet but also using them to mine cryptocurrency. 

Government Mining Cryptocurrency Covertly

Report Shows Egypt is Covertly Mining Cryptocurrency on Citizens’ ComputersThe Citizen Lab, an interdisciplinary laboratory at the University of Toronto, published a report on Friday strongly suggesting that Egypt has been mining cryptocurrency secretly on its citizens’ computers. The report explained that Sandvine/Procera Networks Deep Packet Inspection (DPI) devices were used “to covertly raise money through affiliate ads and cryptocurrency mining in Egypt.”

Sandvine Corporation was acquired in September of last year by private equity firm Francisco Partners, which bought Procera Networks in 2015. Sandvine and Procera Networks then merged and have been producing a website-filtering software called Packetlogic which the report says “may have been used by government-linked entities in both Turkey and Egypt to inject spyware.”

In addition, the Lab also found that the software is installing at least one cryptocurrency mining script, Coinhive, which is readily available for mining the privacy-centric cryptocurrency monero (XMR).

Detection method

Through a process that began with scanning all of the IP addresses in certain countries, the researchers found DPI devices called middleboxes that intercept traffic on Turk Telekom’s network between the public and various unencrypted websites.

These devices were “used to redirect hundreds of users in Turkey and Syria to nation-state spyware when those users attempted to download certain legitimate Windows applications,” the researchers elaborated. In Egypt, the team found more than just spyware, stating:

We found similar middleboxes at a Telecom Egypt demarcation point. The middleboxes were being used to redirect users across dozens of ISPs to affiliate ads and browser cryptocurrency mining scripts.

Installing Mining Scripts

Telecom Egypt is the country’s primary telephone company with a fixed line subscriber base of over 6 million. It is 80% owned by the Egyptian Ministry of Communications and Information Technology.

The researchers named the Egyptian revenue-generation scheme “Adhose”. The report explained that Adhose has two modes: the spray mode and the trickle mode. The former “redirects Egyptian Internet users en masse to ads or cryptocurrency mining scripts whenever they make a request to any website” and the latter “targets some jаvascript resources and defunct websites for ad injection.” The report revealed that the scheme has been running by the same entity “since at least October 2016.”

While scanning a group of 5,702 IP addresses in January that belonged to 4 of the 17 ASNs present in Egypt, the team concluded:

Of these 5,702 IPs, 5,443 in four ASNs returned the advertising redirect, for an injection rate of ~95%.

The Citizen Lab sent letters to Sandvine and Francisco Partners summarizing their findings in February. In its reply, Sandvine claims that the report is “false, misleading, and wrong.” However, the lab says, “We emphasized that we were confident in our research findings, which two independent peer reviews confirmed.”

10.03.2018 / 09:25 64
Report Alleges Egyptian Government is Secretly Mining Cryptocurrencies on Citizens’ Devices Report Alleges Egyptian Government is
An investigation by The Citizen lab has found evidence that Egyptian authorities are mining cryptocurrencies on citizen’s computers and laptops.
Internet Providers Caught Deploying Crypto Mining Malware Internet Providers Caught Deploying
If it wasn’t bad enough with hackers and dodgy websites trying to hijack your computer hardware to mine some crypto coins, ISPs have been discovered
Telecom Egypt Covertly Redirecting Internet Users To Crypto Mining Sites, Report Says Telecom Egypt Covertly Redirecting
A study has shown that Egyptian Internet user traffic is being manipulated by govt-linked entities to redirect users to crypto mining sites and ads.
Researcher Finds Nearly 50,000 Websites Running Cryptocurrency Mining Malware Researcher Finds Nearly 50,000 Websites
Troy Mursch from Bad Packets Report recently conducted an investigation, in which he found that the ongoing cryptojacking trend has infected nearly
Monthly Report of GMO Internet and Its Cryptocurrency Mining Business Published Monthly Report of GMO Internet and Its
GMO Internet Inc., a major Japanese company investing in Internet-related businesses and listed on the first Section of the Tokyo Stock Exchange, has
GMO Has Mined Millions of Dollars in Bitcoin Already GMO Has Mined Millions of Dollars in
The cryptocurrency mine launched by Japanese IT firm GMO Internet has generated more than $3 million in revenue over the past three months. According
Comments (0)
Add a comment
Comment on