back to article Citizen Lab says Sandvine network gear aids government spyware

Internet users in Turkey, Egypt and Syria who attempted to download legitimate Windows applications have been redirected to nation-state spyware through deep-packet inspection boxes placed on telecom networks in Turkey and Egypt, according to a report issued Friday by security research group Citizen Lab. Citizen Lab, a Canada- …

  1. Anonymous Coward
    Anonymous Coward

    Guns do not kill people

    Guns do not kill people. People kill people.

    Network boxes do not redirect people to government spyware. People redirect people to government spyware.

    Err... is there something wrong with my logic this evening?

    1. Doctor Syntax Silver badge

      Re: Guns do not kill people

      "is there something wrong with my logic this evening?"

      Yes. People alone can't redirect users no more than people can thrown a bullet hard enough to do harm. People use tools. Toolmakers must also share the blame.

      1. Jason Bloomberg Silver badge

        Re: Guns do not kill people

        Guns don't kill people. People with guns kill people. People with bread knives kill people. People with baseball bats kill people. People with Typhoon fighter jets kill people.

        At the end of the day any use, any good or harm done, comes from people choosing to use the tool in the way they do.

        How much blame and responsibility toolmakers have is something which is going to be debated forever and there is no single or simple answer.

    2. Anonymous Coward
      Anonymous Coward

      Re: Guns do not kill people

      Guns, unlike other tools, are designed only to kill people, at a long range and with maximum effectiveness.. They have no other use. The usefulness of other tools offsets their danger of being used to kill, and still, they are usually far less effective and can't be used at long range.

      Anyway, these systems technology may have required an export license to those countries especially Syria. Maybe it got one to increase US export balance?

    3. Anonymous Coward
      Anonymous Coward

      Re: Guns do not kill people

      >Guns do not kill people. People kill people.

      If had a banana in my hand rather than a gun I'm going to do a lot less damage with it.

      1. Anonymous Coward
        Anonymous Coward

        Re: Guns do not kill people

        I liked the bit about not doing business with "regimes that flout democratic norms". Won't that mean we can't work with the US any more?

  2. elDog

    There must be a formulaic response per type of incident: We are sending our prayers and hopes...

    Or: Our Customers Are Our Most Important Product (how prescient that was!!!)

    Or: Your Business Is Very Important To Us - Please Stay On the Line (lines being so passe)

    Or: This Call May Be Monitored To Improve Customer Service (really just reading you their rights to record)

    Or: What's Good For xxx Is Good For America (you're being shafted.)

    Network boxn have become commodities and in the hands of governments, corporations, abusive spouses, and all the other hateful people that want to limit other people's freedom.

  3. Nate Amsden

    would https even matter?

    I mean if you are in a position to intercept the application traffic quite likely you can intercept the DNS traffic as well. Use DNS to route the traffic to a proxy on http, and optionally use https on the backend to connect to the original urls.

    As for encryption for DNS, I have hosted my own domains for about 21 years now and have never used DNSSEC though according to this interesting blog post I came across https://sockpuppet.org/blog/2015/01/15/against-dnssec/

    "DNSSEC doesn’t secure browser DNS lookups.

    In fact, it does nothing for any of the “last mile” of DNS lookups: the link between software and DNS servers. It’s a server-to-server protocol."

  4. tip pc Silver badge

    The uni are just picking on SandVine to create extra noise for their report. The main issue is downloads are over http and not https. Doesn’t matter what nation the traffic initiates from it’s going to pass through kit that can do http redirect, like when I try and go to pirate bay in the uk I get redirected to a page telling me I can’t. Where is this uni jumping up and down about that?

    1. Petey
      WTF?

      There is a MASSIVE difference with the use described in the article versus the UK ISPs telling you that a site is blocked. The difference is that the UK is being transparent and you are not being duped into viewing something that you had not requested. In fact, it is out in the open that they were going to hijack your request as it was mandated by court orders which are in the public domain. You EXPECT this redirect to happen.

      Having malware injected into a legitimate request isn't remotely comparable to your example. It's a nefarious, underhand and downright unethical practise.

      The uni aren't "jumping up and down" about the UK because those activities are not unethical.

  5. Bitsminer Silver badge

    Attribution

    The report is a useful example of attribution. Can't blame the Russkies or Norks here.

    Blame Canada: "Ontario-based networking equipment company Sandvine".

  6. Claptrap314 Silver badge

    Avast uses non-https links for downloads? Uggh...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like