“Masaar – Technology and Law Community” published a report on 24 October, on the activities of Sandvine; a company whose name has been in circulation in the past years for being active in the field of developing, manufacturing and operating software and equipment used by governments as tools for internet surveillance.
Masaar conducted a series of tests on a sample of blocked websites in Egypt, with the aim of detecting the use of “Sandvine” equipment to block these websites. We found 15 of the 20 websites _a test sample_ had been blocked by Sandvine equipment. Masaar conducted these tests on the Internet service provided by WE network (AS8452), formerly known as TE Data, which is operated by Telecom Egypt, and the Egyptian government owns 80% of its shares.
Citizen Lab had published a report on the use of PacketLogic devices, and the report indicated that the field (IPID) always bears the fingerprint “13330 (0x3412)”, and this fingerprint matched the one found by Citizen Lab researchers for one of the the PacketLogic devices they purchased.
In network data packets analysis tests for a sample of blocked websites on WE network (AS8452) using (Tcpdump) program, we found that 15 websites out of 20 websites _a test sample_ have the same PacketLogic fingerprint “13330 (0x3412)” referred to in the Sandvine report.
The following table shows 15 of the 20 websites that we found to be blocked by Sandvine PacketLogic:
Samples of network data packets analysis for some of the blocked websites
What are PacketLogic devices?
Sandvine PacketLogic devices are one of the equipment manufactured by Sandvine. Governments and telecommunication and internet service providers use PacketLogic devices to perform Deep Packet Inspection (DPI), which enables them to monitor the Internet, tamper with user communications, monitor network traffic in real time and filter network traffic, including blocking websites, applications and protocols (such as P2P).
Discovering PacketLogic Devices in Egypt
In March 2018, Citizen Lab published a report titled “Bad Traffic” revealing the use of “Sandvine PacketLogic” devices in Egypt, which were used to redirect users of many Internet service providers to advertisements and scripts for cryptocurrency mining. On 21 September, 2020, Qurium published a report on the use of Sandvine equipment to block Al Manassa, an independent press website in Egypt.