A new report by The Citizen Lab uncovers the apparent use of middleboxes (Deep Packet Inspection (DPI) devices) for malicious ends, likely by nation-states or ISPs in Turkey and Egypt. In a nutshell, the operation typically involves two components: one, custom packets are injected into target Internet requests; and two, a separate server controlled by the attackers injects spyware in these hijacked packets.
Internet users in Turkey (and parts of Syria) who downloaded Windows applications from official vendor websites including Opera, Avast Antivirus, CCleaner, and 7-Zip were silently redirected to malicious versions by way of injected HTTP redirects. Egyptian Internet users’ unencrypted web connections were hijacked en masse and redirected to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts. In both scenarios, these middleboxes were used to block political, journalistic, and human rights content e.g. Al Jazeera, Mada Masr, Kurdistan Workers’ Party (PKK).
Back to Kenya, transparency on the use of middleboxes should be a priority. The Centre for Intellectual Property and Information Technology Law (CIPIT), documented instances of Internet traffic manipulation on Safaricom’s network and as much as the report did not claim any malicious activity on the part of Internet provider, it did highlight the vulnerability Internet users face when service providers are opaque on their use of middleboxes. Safaricom denied any presence of a middlebox but inadvertently admitted to it in the technical response.
Further tests by Internet users in Kenya continue to flag traffic manipulation on more network platforms, calling for increased vigilance on network integrity. National Telcos, airports, coffee joints, and even workplace environments - should remain transparent on how they treat traffic while remaining open for inspection.
The security of Internet connections remains a building bloc of trust in e-Commerce and social life online. Perhaps the sector regulator, Communication Authority (CA), should enforce verifiable transparency standards across all Internet service providers as a condition of license approval or renewal.