Sandvine put on America's export no-fly list after Egypt used network tech for spying

The US Commerce Department has blacklisted Sandvine for selling its networking monitoring technology to Egypt, where the Feds say the gear was used to spy on political and human-rights activists. The Canadian IT appliance and software maker, along with China's Chengdu Beizhan Electronics, was added to America's Entity List, …

  1. Anonymous Coward
    Anonymous Coward

    Interesting to see where the gear was sourced

    Did their sales team get caught with their hand in the cookie jar? Did the sale get washed through a shell company? Or was the box a bootleg clone? Did the company notify their country's intelligence service and give them backdoor access, and if so were they under a gag order?

    Pretty much all of these have played out in different repressive regimes over the years, so we will have to see what details emerge. Sandvine is one of the old guard DPI/traffic management companies, so getting slapped on the entity list is a bit of a surprise. Wonder if we will see a follow up story about fallout for that.

    Probably a few TLA's around the world that had or have their gear installed.

  2. Anonymous Coward
    Big Brother

    Deep packet inspection technology

    Deep packet inspection only works if the router/firewall transparently replaces the website cert with a local one. Which kind of defeats the whole point of end-to-end encryption.

    1. markrand
      Big Brother

      Re: Deep packet inspection technology

      Had that problem at work after we were taken over by a US generally electrical corporation. My browser kept warning that certificates did not match the web sites' ones. Oddly, I'd deleted the corporately installed certificates.

    2. Anonymous Coward
      Anonymous Coward

      Re: Deep packet inspection technology

      All of this rings as nonsense reflecting a hostile environment for companies doing business in the US and today's regulatory powder keg.

      Sandvine creates solutions for carriers using swiss army knife style products - akin to a python interpreter with libraries to do useful things with network traffic or standards signaling traffic.

      There is no product Sandvine offers that can directly/independently MITM TLS encrypted traffic. Perhaps it can MITM TCP (like any software) and perhaps it could be more useful in figuring out which flows are interesting to MITM. Perhaps they have solutions which lower the barrier for a semi-skilled malicious actor to use Sandvine in the chain of an attack... but facts don't matter in a world of feelings... and the public and the press and likely the US and Canadian government are lacking facts, logic and fortitude to do what is actually needed and go after the underlying problem.

      The reality is that Sandvine as a company is better known in the industry for their innocuous solutions like volte/E911 QoS prioritization (which isn't even a DPI solution), Quota Management, congestion management etc. The US govt. just put all their US affiliated customers in the position where they might not be able to engage with the Sandvine support organization without possibly violating the EAR, an act which was put in place to prevent nuclear and arms proliferation with penalties to match. Forget that Egypt was an A+ ally and country prior to Arab spring and basically any network vendor doing anything interesting/useful is vulnerable to this kind of reactionary virtue signaling.

      Why are Sandvine & the Canadian government tight-lipped about all this? Allegations seem to stem from the U of T and Citizen Lab who don't seem to go beyond speculation that because such potential dual use tech exists and is in Egypt, that it must be up to the vendor to police or not have a product that can be used for evil? Oh boy that's a slippery slope...

      Where is Citizen Lab pushing the relevant technology to improve the internet for all of us that kneecaps potential for misuse? Why aren't they relating exploits to the proposed technology standards that prevent human rights abuses by malicious governments? Why is the US administration playing pretend world police through virtue signaling?! We sell real arms to countries knowing which rebels they are going to kill. Why are sanctions being put on a technology partner instead of the actual human rights abuser?

      I wonder, if Sandvine/Francisco Partners are the losers/being squeezed here, who is, or rather who will be the winner?! Are we beginning to see the slippery slope of tech regulation?

    3. Arthur Daily

      Re: Deep packet inspection technology

      Advanced people can run programs to check latency and hops to detect substituted certificates MITM cheating. Which should always be done. Even if you are in the top 20 list of biggest banks. In any case certificates are not trustworthy. Then install your own certificates and re-test. I seem to recall MS and others have an OS hook, to prevent truthful discovery of the certificate (because an employee being watched would be tipped off if he/she enumerated email ACLs and Certificates often enough). Memory dumps are your friend. Editing a memory dump and planting a RAT signature will get you off the hook. With TPM this is getting harder, but thankfully the lack of old gear not getting TPM security updates allows a smart security contractor to do very well indeed.
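Added example (not from any commenter on this thread, and not Sandvine or Citizen Lab code): a certificate-pin check in Python for the substitution described in the "Deep packet inspection technology" post and in Arthur Daily's reply. An intercepting middlebox re-signs the site's certificate with a locally trusted CA, so a client that compares the presented certificate's SHA-256 fingerprint against a pin recorded out of band, and reports the issuer CN for triage, notices the swap even when the OS trust store accepts it. The certificate bytes, issuer names and pin below are constructed stand-ins; the `fetch_peer_cert` helper is the live equivalent and is not exercised offline.

```python
import hashlib
import socket
import ssl
from typing import Optional


def cert_sha256(der_cert: bytes) -> str:
    """Hex SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def issuer_common_name(cert_info: dict) -> Optional[str]:
    """Extract the issuer CN from the dict shape ssl.SSLSocket.getpeercert() returns."""
    for rdn in cert_info.get("issuer", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return None


def assess_peer_cert(der_cert: bytes, cert_info: dict,
                     pinned_fingerprints: set, expected_issuer_cns: set):
    """Return (verdict, reason). The fingerprint pin is the real test; the issuer CN
    only helps explain a mismatch (an intercepting proxy presents a cert minted by
    its own, locally installed CA rather than the public CA that signed the original)."""
    fp = cert_sha256(der_cert)
    issuer = issuer_common_name(cert_info)
    if fp in pinned_fingerprints:
        return "ok", f"fingerprint matches pin; issuer={issuer}"
    if issuer is not None and issuer not in expected_issuer_cns:
        return ("pin-mismatch",
                f"unpinned cert issued by unexpected CA '{issuer}' (possible TLS interception)")
    return "pin-mismatch", f"unpinned cert {fp[:16]}... from issuer={issuer}"


def fetch_peer_cert(host: str, port: int = 443, timeout: float = 5.0):
    """Live helper: fetch the DER bytes and parsed dict of a server's leaf cert.
    Uses the default verifying context, so a cert from a CA the OS already trusts
    (the interception case) passes verification here and is caught by the pin check."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True), tls.getpeercert()


# Constructed sample data (not real certificates): these byte strings stand in for
# DER blobs that would normally come from getpeercert(binary_form=True).
GENUINE_DER = b"constructed-der-bytes-of-the-real-site-cert"
PROXY_DER = b"constructed-der-bytes-minted-by-a-middlebox"
PINNED = {cert_sha256(GENUINE_DER)}            # pin recorded out of band
EXPECTED_ISSUERS = {"Example Public CA"}       # constructed issuer name
GENUINE_INFO = {"issuer": ((("commonName", "Example Public CA"),),)}
PROXY_INFO = {"issuer": ((("commonName", "Corp Inspection Proxy CA"),),)}


def demo():
    """Run the check on the genuine and the re-signed sample; returns the two verdicts."""
    genuine = assess_peer_cert(GENUINE_DER, GENUINE_INFO, PINNED, EXPECTED_ISSUERS)
    proxied = assess_peer_cert(PROXY_DER, PROXY_INFO, PINNED, EXPECTED_ISSUERS)
    return genuine, proxied


if __name__ == "__main__":
    for verdict, reason in demo():
        print(verdict, "-", reason)
```

The parsed issuer dict is only populated when the context verifies the chain, which is why the live helper keeps verification on and relies on the pin rather than on trust-store acceptance. Pins must be rotated whenever the site legitimately renews its certificate, so in practice a deployment pins the public key or keeps a small set of current and next fingerprints rather than one value.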

  3. Yorick Hunt Silver badge
    Holmes

    Ah, knocking off another Cisco competitor... Who's going to be next?

  4. Yet Another Anonymous coward Silver badge

    Pot Kettle

    Doesn't the USA sell M1 Abrams tanks to Egypt?

    Obviously tanks could never be used to violate human rights

  5. Claverhouse
    Angel

    Go For Broke

    The Americans, private citizens as well, should all rip out any and all computing/networking gear straight out of all governing entities including the Pentagon, and all state governments, and homes, schools, and businesses, that was manufactured even in part in the PRC.

  6. chuckufarley Silver badge
    Joke

    Denial?

    I thought it was in the Red Sea...

  7. Bitsminer Silver badge

    Problematics

    As noted by others, there are a few issues with picking on Sandvine.

    The Citizen Lab report was published in 2018, and mentioned Francisco Partners as a Sandvine investor. They still are. Francisco is based in San Francisco, California, USA. They are not, afaik, under US sanctions.

    Just about any packet processor can pick out an IP address and redirect http(s) traffic to an alternative site. Or a range of IP addresses and alternative sites. The Citizen Lab report explains this in detail. (Much of the malware downloaded by Egyptian-in-the-middle redirections was because the download sites used http not https, leaving doors wide open for abuse.)

    Competitors mentioned in their report include BlueCoat, bought up by Symantec which was in turn bought out by ... wait for it ... Broadcom.

    Another competitor is NSO Group which has attracted its own legal issues, mostly from the US.

    Sandvine's products appear to be relabeled whitebox computers. It's pretty hard to see how a US sanction is going to affect them.

    The question becomes: is any high-performance packet processor vendor going to be subject to similar sanctions depending on how their customers, perhaps secretly, use their products? Excepting Cisco of course...

  8. ChrisElvidge Bronze badge

    been accused of helping authoritarian regimes

    The networking business has, for years, been accused of helping authoritarian regimes censor and spy on dissidents.

    Shades of IBM and punch cards?
