According to a new report, Egypt is secretly using citizens’ computers to mine cryptocurrency
According to a new report by security researchers at the University of Toronto, the Egyptian government or its affiliated institutions have hijacked the connections of local Internet users to the secretly mine cryptocurrencies “en masse”. The evidence of this kind of intrusion by a nation-state is “the stuff of legends”, the researchers say, because the techniques are particularly difficult to detect.
University Citizen Lab researchers identified a scheme they call “AdHose”, which secretly redirects Egyptian Internet users’ web traffic to malware that uses their computer to mine the Monero cryptocurrency or display ads. AdHose relies on hardware installed in Telecom Egypt’s networks.
It is used in two different ways, the researchers discovered. In “spray”mode, any website that affected users tried to access would redirect their web browsers to either an advertising network or a crypto-currency malware called Coinhive. A scan in January showed that 95 % of the observed devices with more than 5,700 devices were affected by AdHose. The report did not give the total number of affected users.
The”spray”mode is used sparingly, the researchers said. The alternative is the “trickle”mode, which redirects web traffic only when users visit certain websites. These include CopticPope. org, formerly a religious website, and Babylon-X. com, a porn site. The researchers found out that the trickle mode is in continuous running mode.
The hardware used to implement AdHose also serves as a censorship tool. It blocks access to news agencies such as Al Jazeera and NGOs such as Human Rights Watch. Citizen Lab found similar systems in Turkey and Syria, although instead of crypto-mining or ads, users were served with spyware when they believed they were installing legitimate antivirus programs.
The manufacturer of the intrusive hardware is a Canadian company called Sandvine, which merged last year with a company called Procera Networks. The researchers said Sandvine described their report as “false, misleading and wrong” when they were informed of the research results.