A Russian telecom company that develops surveillance technology for phone and internet providers was hacked, with attackers stealing 182 gigabytes of data and defacing its website. The breach targeted Protei, a company that sells deep packet inspection systems and censorship tools to governments across dozens of countries including Bahrain, Italy, Kazakhstan, Mexico, and Pakistan.
The hack of Protei represents a significant breach in the surveillance technology sector, exposing the inner workings of a company that helps governments monitor and censor their citizens' communications. The Jordan-headquartered firm, originally founded in Russia, found itself on the receiving end of the very digital intrusion tactics its technology enables.
The attack came to light when hackers defaced Protei's website on November 8, according to archived copies on the Wayback Machine. The defacement message - "another DPI/SORM provider bites the dust" - wasn't random vandalism but a pointed reference to the company's core business selling deep packet inspection systems and surveillance equipment.
Protei operates in a controversial corner of the telecom industry, providing governments with the tools to monitor and control internet traffic. The company's client list spans dozens of countries across central Africa, the Middle East, and beyond, where its technology helps authorities intercept calls, text messages, and web browsing data from telecom networks.
The breach netted attackers around 182 gigabytes of sensitive files from Protei's web servers, including years worth of internal emails that could reveal client relationships and business practices. This trove of data has since been provided to DDoSecrets, a transparency collective that specializes in making leaked datasets available for public interest research.
Protei's technology centers around SORM, Russia's lawful intercept system that has been exported to multiple countries seeking to monitor their populations. Phone and internet providers install SORM equipment directly on their networks, creating backdoors that allow government agencies to access the complete digital communications of any customer.
The company's deep packet inspection devices go beyond simple monitoring - they can identify specific types of web traffic, from social media platforms to messaging apps, and selectively block access. This capability makes Protei's systems particularly valuable to authoritarian governments seeking to control information flow and suppress dissent.
Citizen Lab's 2023 research revealed how Iranian telecom giant Ariantel consulted with Protei about implementing traffic logging and website blocking capabilities. Internal documents showed Protei promoting its technology's ability to restrict internet access for specific individuals or entire population segments.
