The Egyptian government has been secretly infiltrating its citizen’s computers and mining cryptocurrency, according to a report from The Citizen Lab at the University of Toronto.
Under a scheme called AdHose, the government was sending internet users to either advertising sites, or to obsolete websites where, unbeknown to them, their computer was being misused, often to mine the Monero cryptocurrency, the report said.
“On a number of occasions, the middleboxes were apparently being used to hijack Egyptian internet users’ unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts,” the report said.
Users were allegedly directed “en masse” to cryptocurrency mining scripts, a system the university called “spray mode” or they were redirected from specific websites, a scheme called “trickle mode.” Websites included a former pornographic website (Babylon-X.com) and a religious site for the pope of the Coptic Orthodox Church (CopticPope.org).
In a scan conducted by the university on Jan. 3, 2018, data from 5,702 IP addresses in Egypt found redirection to advertising sites close to 95% of the time.
The report, which covered other regions in North Africa and the Middle East, found that government devices were being used to manipulate other state and private sector functions.
“In Egypt and Turkey, we also found that devices matching our Sandvine PacketLogic fingerprint were being used to block political, journalistic, and human rights content.”
Additionally, the hardware was blocking users to certain news and human rights websites such as Reporters Without Borders, Al Jazeera and HuffPost Arabi, the report said.