Watchdog: Western tech used for hacking in Turkey

PARIS -- A Canadian company's hardware is being used to hack internet users along Turkey's border with Syria, researchers said Friday, adding there were signs Kurdish forces aligned with the United States might have been targeted.

The revelation comes as Turkey presses its offensive against the Kurds dug in along the country's frontier with northwestern Syria -- a conflict threatening to disrupt the American-led effort to extinguish the Islamic State group. The apparent use of Canadian technology to target a U.S. ally was an irony underlined by Ron Deibert, the director of the internet watchdog group Citizen Lab, which published a report on the spying.

"These companies are not closely regulated -- and that can lead to a lot of unintended consequences, including consequences that harm our foreign policy interests and human rights interest as well," said Deibert. "It's a strong argument for government control over this kind of technology."

Citizen Lab identified the hardware behind the hacking as PacketLogic devices produced by Procera, a Fremont, California-based company recently folded into Canada-based network management firm Sandvine, which is owned by American private equity group Francisco Partners.

In a statement issued before the report's release, Sandvine said it investigates all allegations of abuse, but said it had been unable to complete its inquiry because Citizen Lab refused to provide the company with its findings in full.

"Once we have the necessary data, we will conduct a full investigation and take appropriate action," Sandvine said.

The statement also said Citizen Lab's allegations were "technically inaccurate and intentionally misleading," but a representative for the company has yet to supply an example of a misleading or inaccurate claim.

Citizen Lab said it discovered the hacking after a European cybersecurity company reported network service providers in two unidentified countries were trying to compromise their users using a powerful hacking technique known as network injection. Citizen Lab scoured the internet for signs of the spying and eventually traced the activity to the Turkish provinces of Adana, Hatay, Gaziantep, Diyarbakir and to the Turkish capital, Ankara, as well as parts of northern Syria and Egypt.

Network injection -- so-called because malicious software is injected into everyday internet traffic by whoever controls the network -- has long been feared as a particularly powerful form of government spying.

"This can potentially be used to target anyone in the country with the click of the button," said Bill Marczak, the lead author of the report.

Although the identities of those being spied on in Turkey and Egypt aren't clear, Marczak said the devices appeared to be installed on the network belonging to Turk Telekom, a leading phone and internet provider in Turkey as well as parts of northern Syria. He said there were hints suggesting some of the targets are affiliated with the YPG, the Kurdish Marxist rebel group fighting Turkish forces for control of the northwestern Syrian province of Afrin. Although Turkey considers the YPG a terrorist organization, the group provides the backbone of the U.S.-backed operations against the Islamic State in eastern Syria.

American officials acknowledged Monday ground operations against the jihadist group's remnants in eastern Syria were on hold because Kurdish fighters were being diverted to the battle against Turkey.