Canadian hardware used for hacking in Turkey and Syria, watchdog reports
Procera offices in Fremont, Calif., on March 8, 2018. (Ben Margot / AP)
Raphael Satter, The Associated Press
Published Friday, March 9, 2018 9:52AM EST
PARIS -- A Canadian company's hardware is being used to hack internet users along Turkey's border with Syria, researchers said Friday, adding that there were signs that Kurdish forces aligned with the United States might have been targeted.
The revelation comes as Turkey presses its offensive against the Kurds dug in along the country's frontier with northwestern Syria -- a conflict that threatens to disrupt the American-led effort to extinguish the Islamic State group. The apparent use of Canadian technology to target a U.S. ally was an irony underlined by Ron Deibert, the director of the University of Toronto internet watchdog group Citizen Lab, which published a report on the spying.
"These companies are not closely regulated -- and that can lead to a lot of unintended consequences, including consequences that harm our foreign policy interests and human rights interest as well," said Deibert. "It's a strong argument for government control over this kind of technology."
Citizen Lab identified the hardware behind the hacking as PacketLogic devices produced by Procera -- a Fremont, California-based company that was recently folded into Waterloo, Ont.-based network management firm Sandvine, which is owned by American private equity group Francisco Partners.
In a statement issued before the report's release, Sandvine said it investigates all allegations of abuse, but said it had been unable to complete its inquiry because Citizen Lab refused to provide the company with its findings in full.
"Once we have the necessary data, we will conduct a full investigation and take appropriate action," Sandvine said.
The statement also said Citizen Lab's allegations were "technically inaccurate and intentionally misleading," but a representative for the company has yet to supply an example of a misleading or inaccurate claim.
Citizen Lab said it discovered the hacking after a European cybersecurity company reported that network service providers in two unidentified countries were trying to compromise their users using a powerful hacking technique known as network injection. Citizen Lab scoured the internet for signs of the spying and eventually traced the activity to the Turkish provinces of Adana, Hatay, Gaziantep, Diyarbakir and to the Turkish capital, Ankara, as well as parts of northern Syria and Egypt.
Network injection -- so-called because malicious software is injected into everyday internet traffic by whoever controls the network -- has long been feared as a particularly powerful form of government spying.
"This can potentially be used to target anyone in the country with the click of the button," said Bill Marczak, the lead author of the report.
Although the identities of those being spied on in Turkey and Egypt aren't clear, Marczak said that the devices appeared to be installed on the network belonging to Turk Telekom, a leading phone and internet provider in Turkey as well as parts of northern Syria. He said there were hints suggesting some of the targets are affiliated with the YPG, the Kurdish Marxist rebel group which is fighting Turkish forces for control of the northwestern Syrian province of Afrin. Although Turkey considers the YPG a terrorist organization, the group provides the backbone of the U.S.-backed operations against the Islamic State in eastern Syria.
American officials acknowledged Monday that ground operations against the jihadist group's remnants in eastern Syria were on hold because Kurdish fighters were being diverted to the battle against Turkey.
Turk Telekom said in a statement that it complies with Turkish law and doesn't interfere with internet users' access. It added that the company "does not redirect any internet user to receive malicious downloads of popular software applications." A representative for the company did not immediately respond to follow-up questions.
Sandvine's ties to the Turkish government have been the subject of previous reporting. In 2016, Forbes reported that engineers at Procera were so troubled at the prospect of supplying surveillance hardware for use by Turk Telekom that six of them quit in protest.
"I do not wish to spend the rest of my life with the regret of having been a part of (Turkish President Recep Tayyip) Erdogan's insanity, so I'm out," one of the engineers said in a letter of resignation quoted by Forbes.
LinkedIn shows at least 16 Procera-Sandvine employees listed as working in Egypt or Turkey. One Sandvine engineer based in Cairo listed "lawful interception" -- a commonly used euphemism for state-sanctioned surveillance -- as one of his interests.
Sandvine was acquired by Francisco Partners in July 2017 for $562 million, and merged with Procera.