An investigation by the Citizen Lab has found evidence that Egyptian authorities are mining cryptocurrencies on citizens’ computers and laptops.
Using Internet scanning, the researchers found deep packet inspection middleboxes on Telecom Egypt connections. Unencrypted traffic (HTTP rather than HTTPS) was redirected to browser cryptocurrency mining scripts. The researchers suggest this was done in order to extract revenue from unsuspecting internet users.
The report also identified the same malicious system being used in Turkey to inject citizens’ devices with spyware. Both Egypt and Turkey have become increasingly authoritarian in recent years, breaching multiple human rights obligations. Reporters Without Borders ranked Egypt 161st out of 180 countries in its 2017 World Press Freedom Index, and 800 people have been sentenced to death since 2013. Journalists, human rights defenders, and protesters have experienced mass arrests, disappearances, and torture.
After an extensive investigation, the team was able to trace the network injections in both Egypt and Turkey to PacketLogic devices made by Sandvine, an American-based firm which sold the Turkish system as part of a $6,000,000 contract. At the time, the deal caused a prominent member of the company to resign in protest.
Attitudes to cryptocurrency are split in highly religious Egypt. Earlier this year, Egypt’s foremost religious leader called for a blockchain ban, stating that Bitcoin was illegal under Sharia law.
Whilst some authorities in Egypt are against the technology, the attackers are likely making large amounts of money. A report earlier this month from Talos, a leading cyber security intelligence firm, estimates that malicious mining could be netting attackers over $100m a year. The report estimated that each infected device can generate about 28 cents a day. With 2000 devices that adds up to $568 per day, and $200,000 a year. It’s likely, however, that the nation-wide system uncovered could have many more devices infected, leading to much higher profits.
This type of attack has grown hugely in recent years, with malware research labs alleging that over 1.5 million devices have been affected. Website owners have deployed the technology as an alternative to ad-hosting. However, the primary use has been by hackers who slip it onto internet users’ devices without their knowledge.
The news of Egypt and Turkey’s use of the software comes as a reminder not only of the shaky human rights situation in these countries, but of state-sanctioned spying globally. As we progress through 2018, the internet is increasingly becoming less of a tool to connect citizens, and more a weapon to spy on them.