Protei, a telecommunications provider specializing in surveillance and web censorship technology, has suffered a massive security breach. Hackers compromised the company’s servers, defaced its official website, and exfiltrated approximately 182 gigabytes of sensitive internal data, including years of archived emails.
A Global Footprint in Surveillance
Originally founded in Russia and currently headquartered in Jordan, Protei develops infrastructure for mobile and internet service providers across the globe. Their client base spans numerous countries, including Italy, Mexico, Pakistan, Kazakhstan, Bahrain, and various regions across central Africa. The company provides a wide array of services, ranging from video conferencing and connectivity solutions to advanced surveillance equipment and deep packet inspection (DPI) systems.
The Breach and Data Exposure
While the exact timeline of the intrusion remains under investigation, evidence of the breach surfaced on November 8, when the company’s website was defaced. The site was restored shortly thereafter, but not before hackers successfully harvested 182GB of data.
This stolen cache has been provided to DDoSecrets, a nonprofit transparency organization that publishes leaked datasets involving government agencies, law enforcement, and surveillance-industry entities.
Targeting SORM and DPI Technology
Although the hackers remain unidentified, their motive appears linked to the company’s controversial product line. The defaced landing page featured the message: “another DPI/SORM provider bites the dust.”
The statement refers to the company’s role in supplying technology for SORM—the Russian-developed “lawful intercept” system. SORM allows governments to monitor the calls, text messages, and web browsing history of citizens. Furthermore, Protei’s deep packet inspection tools enable telecom providers to selectively filter or block web traffic, a practice frequently utilized to enforce censorship in regions with restricted freedom of speech.
Previous Ties to Internet Filtering
Protei’s involvement in restricting online access is well-documented. A 2023 report by The Citizen Lab revealed that the Iranian telecom giant Ariantel consulted with Protei regarding traffic-logging capabilities. Internal documents indicated that Protei marketed its systems as being capable of blocking or restricting access to specific websites for targeted individuals or entire populations.
Company Response
Mohammad Jalal, managing director of Protei’s Jordan branch, initially did not comment on the breach. Following the publication of reports on the incident, Jalal stated that the company maintains no current affiliation with Russia and claimed they are “not aware” of any data exfiltration from their servers.