A Russian telecom company that develops technology to allow phone and Internet companies to conduct web surveillance and censorship was hacked, its website defaced and data stolen from its servers, TechCrunch has learned.
Founded in Russia, Protei makes telecommunications systems for phone and Internet providers in dozens of countries, including Bahrain, Italy, Kazakhstan, Mexico, Pakistan and most of Central Africa. The company, now headquartered in Jordan, sells video conferencing technology and Internet connectivity solutions, as well as surveillance equipment and web-filtering products, such as deep packet inspection systems.
It’s not clear exactly when or how Protey was hacked, but a Copy of company website Archived on the Internet Archive’s Wayback Machine shows that it was defaced on November 8. The website was restored soon after.
During the breach, the hacker obtained the contents of Protei’s web servers — about 182 gigabytes of files — including emails dating back several years.
A copy of Protei’s data was provided DDoSecretsA nonprofit transparency collective that indexes leaked datasets in the public interest, including data from law enforcement, government agencies, and companies involved in the surveillance industry.
Mohammed Jalal, managing director of Protea’s branch in Jordan, did not respond to requests for comment on the breach.
The identity of the hacker is not known, nor their motivation, but the defaced website reads: “Another DPI/SORM provider bites the dust.” The message likely refers to the company’s sale of deep packet inspection systems and other Internet filtering technologies for a Russian-developed legal intercept system known as SORM.
SORM is the main legal interception system used throughout Russia A few other countries which uses Russian technology. Phone and Internet providers install SORM equipment on their networks, which allows their country’s governments to obtain the contents of calls, text messages and web browsing data of the network’s subscribers.
Deep-packet inspection devices allow telecom companies to identify and filter web traffic depending on its source, such as a social media website or a specific messaging app, and selectively block access. These systems are used for surveillance and censorship in areas where freedom of speech and expression is limited.
Citizen Lab Reported in 2023 Iranian telecom giant Ariantel consulted with Protea on technology for logging internet traffic and blocking access to certain websites. Documents seen and published by Citizen Lab show that Protei talks about the technology’s ability to restrict or block access to websites for certain individuals or entire segments of the population.