Surveillance tech provider Protei was hacked, its data stolen, and its website defaced

A Russian telecom company that develops technology enabling phone and internet providers to conduct web surveillance and censorship was hacked, had its website defaced, and had data stolen from its servers, TechCrunch has learned.

Founded in Russia, Protei builds telecommunications systems for operators across dozens of countries, including Bahrain, Italy, Kazakhstan, Mexico, Pakistan, and much of central Africa. Now headquartered in Jordan, the company sells video-conferencing technology, internet connectivity solutions, surveillance equipment, and web-filtering tools, including deep packet inspection systems.

It remains unclear exactly when or how the breach occurred, but a copy of the website saved on the Internet Archive’s Wayback Machine shows signs of defacement on November 8. The site was restored shortly after.

During the intrusion, the hacker accessed the contents of Protei’s web server — roughly 182 gigabytes of files — including years’ worth of email records.

A copy of the stolen data was provided to DDoSecrets, a nonprofit transparency organisation known for cataloguing leaked datasets in the public interest, including materials from government agencies, law enforcement bodies, and companies tied to surveillance technology.

Mohammad Jalal, managing director of Protei’s Jordan branch, did not respond to TechCrunch’s request for comment.

The identity and motives of the hacker are unknown, though the defaced homepage displayed the message: “another DPI/SORM provider bites the dust.” This appears to reference the company’s involvement in deep packet inspection systems and other tools developed for SORM, Russia’s long-standing surveillance architecture.

SORM is the primary lawful intercept system used throughout Russia and several other nations that rely on Russian infrastructure. Telecom firms are required to install SORM devices on their networks, granting government agencies access to calls, text messages, and users’ web activity.

Deep packet inspection technology enables operators to analyse and filter internet traffic by source, such as social platforms, messaging apps, or specific URLs, and selectively restrict access. These tools are often deployed for surveillance and censorship in regions with limited freedom of expression.

In 2023, The Citizen Lab reported that Iranian telecom giant Ariantel had consulted Protei regarding systems designed to log internet traffic and block access to targeted sites. Documents reviewed and published by Citizen Lab indicated that Protei promoted capabilities to restrict online access for individuals or entire populations.