A Russian telecommunications company that develops technology that allows phone and internet companies to monitor and censor the web has been hacked, its website defaced and data stolen from its servers, TechCrunch has learned.
Founded in Russia, Prorei makes telecommunications systems for telephone and internet providers in dozens of countries, including Bahrain, Italy, Kazakhstan, Mexico, Pakistan and much of Central Africa. The company, currently headquartered in Jordan, sells video conferencing technology and internet connectivity solutions, as well as web filtering products such as surveillance equipment and deep packet inspection systems.
It's unclear exactly when and how Prorei was hacked, but a copy of the company's website stored on the Internet Archive's Wayback Machine shows it was defaced on Nov. 8. The website was restored shortly thereafter.
During the breach, the hackers obtained the contents of Prorei's web server (approximately 182 gigabytes of files), including emails from years ago.
A copy of Protey's data was provided to DDoSecrets, a nonprofit transparency collective that indexes leaked datasets in the public interest, including data from law enforcement, government agencies, and companies involved in the surveillance industry.
Image credit: TechCrunch (screenshot)
Mohammad Jalal, managing director of Protei's Jordanian office, did not respond to a request for comment on the breach.
The hacker's identity and motive are unknown, but the defaced website read, “Another DPI/SORM provider bites the dust.” The message likely refers to the company's sale of the Russian-developed Deep Packet Inspection System for Lawful Intercept System, known as SORM, and other Internet filtering technologies.
SORM is the main lawful interception system used throughout Russia and several other countries that use Russian technology. Telephone and Internet providers have installed SORM equipment on their networks, which allows governments to capture phone calls, text messages, and web browsing data of customers on their networks.
Deep packet inspection devices allow carriers to identify and filter web traffic by source, such as social media websites or specific messaging apps, and selectively block access. These systems are used for surveillance and censorship in areas where freedom of speech and expression is restricted.
Citizen Lab reported in 2023 that Iranian telecommunications giant Aliantel had discussed technology with Protei to log internet traffic and block access to certain websites. According to documents reviewed and published by Citizen Lab, Prorei touted its technology's ability to limit or block access to websites for specific people or entire populations.