A prominent telecommunications technology provider, Protei, has fallen victim to a significant cyberattack, resulting in its website being defaced and a substantial 182 gigabytes of data, including years of emails, being stolen from its servers. The breach targeted a company known for developing surveillance and web-filtering solutions for phone and internet providers globally.
About Protei: A Global Provider of Telecom and Surveillance Tech
Originally founded in Russia and now headquartered in Jordan, Protei supplies telecommunications systems to numerous countries, including Bahrain, Italy, Kazakhstan, Mexico, Pakistan, and several nations in Central Africa. Its product portfolio encompasses video conferencing, internet connectivity solutions, and controversial surveillance equipment such as deep packet inspection (DPI) systems and web-filtering tools.
Details of the Cyberattack and Data Exfiltration
While the exact timing and method of the hack remain undisclosed, a snapshot of Protei's website on the Internet Archive's Wayback Machine confirms the defacement occurred on November 8. The website was subsequently restored shortly after the incident. During the **data breach**, hackers successfully exfiltrated approximately 182 gigabytes of files from Protei's web server, a trove that reportedly includes extensive email archives. This stolen data has since been provided to DDoSecrets, a nonprofit transparency collective dedicated to indexing leaked datasets in the public interest, particularly those from government agencies, law enforcement, and the surveillance industry.
Hacker's Message Points to Surveillance Products
The identity and motivations of the perpetrators behind the attack are currently unknown. However, the defaced website displayed a clear message: "another DPI/SORM provider bites the dust." This statement strongly suggests the attack was a direct response to Protei's involvement in selling deep packet inspection systems and other internet filtering technologies, particularly those integrated with SORM, Russia's state-developed lawful intercept system. Mohammad Jalal, managing director of Protei's Jordan branch, has not yet responded to requests for comment regarding the breach.
Understanding DPI and SORM: Tools for Surveillance and Censorship
SORM (System for Operative-Investigative Measures) is the primary lawful intercept system utilized across Russia and in several other countries adopting Russian technology. It mandates that phone and internet providers install specific equipment on their networks, enabling governments to access call content, text messages, and web browsing data of their customers. Deep packet inspection (DPI) devices further empower telecom companies to identify, filter, and selectively block web traffic based on its source, such as social media platforms or specific messaging applications. These systems are frequently deployed for **surveillance** and **censorship** in regions where freedom of speech and expression face significant restrictions.
Past Scrutiny: Protei's Role in Global Surveillance
Protei's role in supplying such technologies has drawn scrutiny previously. In 2023, The Citizen Lab reported that Iranian telecoms giant Ariantel had consulted with Protei regarding technology for logging internet traffic and blocking access to specific websites. Documents published by The Citizen Lab highlighted Protei's promotion of its technology's capability to restrict or block website access for targeted individuals or entire populations.
