Egypt’s Government Could Have Mined Monero on Its Citizens’ Computers

The government institutions or affiliated structures of Egypt broke the Internet connection of the country’s citizens using the "AdHose" program, which redirects traffic to Monero mining or shows extra advertisements. This information was published in a report by the explorers of the University of Toronto on Friday.

“We found similar middleboxes at a Telecom Egypt demarcation point. The middleboxes were being used to redirect users across dozens of ISPs to affiliate ads and browser cryptocurrency mining scripts”, - the report claims.

The financial market still has some suspicions concerning Bitcoin mining as well as other cryptocurrencies, given the fact that such operations are often conducted without users’ consent. Consequently, a bunch of Canadian researchers detected a modality, which might have been used by the Egyptian authorities to mine Monero secretly with the help of their citizens’ computers. This is possibly the result of using a fintech technique that the investigators called AdHose.

Cryptocurrency Mining Scripts

Firstly, the researchers started their study with reviewing all of the IP addresses in definite countries to find DPI devices called middleboxes. Such systems catch traffic on Turk Telekom’s network and redirect all users to nation-state spyware while the people just wanted to download some legal Windows applications.

It was mentioned that the financial technology AdHose includes two modes: the spray mode and the trickle mode. The first “redirects Egyptian Internet users en masse to ads or cryptocurrency mining scripts whenever they make a request to any website” and the last “targets some Javascript resources and defunct websites for ad injection.”

Who Tells the Truth?

Telecom is a major telecommunications company, 80% of which is held by the Egyptian Ministry of Communications and Information Technology. And the middleboxes mentioned earlier include Sandvine PacketLogic devices, which have been associated with state surveillance in Turkey and Syria.

The Citizen Lab appealed to Sandvine and Francisco Partners sending their recently found data to them in February. In its reply, Sandvine claimed that the report was “false, misleading, and wrong.” However, the lab stated, “We emphasized that we were confident in our research findings, which two independent peer reviews confirmed.”