[kictanet] Safaricom and Internet Traffic Tampering

Thu Mar 23 11:53:31 EAT 2017

That is why we did a responsible disclosure. Safaricom did reach back to us and promised to give a detailed report. 

Even after polite reminders, we did not hear back from them officially. 

---
Moses

> On 23 Mar 2017, at 11:25, Ali Hussein <ali at hussein.me.ke> wrote:
> 
> These are very serious allegations guys.
> 
> It would be great to hear from Safaricom.
> 
> Ali Hussein
> Principal
> Hussein & Associates
> +254 0713 601113 
> 
> Twitter: @AliHKassim
> Skype: abu-jomo
> LinkedIn: http://ke.linkedin.com/in/alihkassim
> 
> "We are what we repeatedly do. Excellence, therefore, is not an act but a habit."  ~ Aristotle
> 
> 
> Sent from my iPad
> 
>> On 23 Mar 2017, at 10:04 AM, Odhiambo Washington via kictanet <kictanet at lists.kictanet.or.ke> wrote:
>> 
>> I recently had a very traumatizing experience with a client I was consulting for and whose preferred mode of connection is Safaricom 4G.
>> 
>> For two days I was struggling to figure out why what seemed so obvious (in my mind) was NOT working with Safaricom while I had tested the same with JTL and Access Kenya links.
>> 
>> It turned out that Safaricom truly tamper with traffic to the Internet. This includes even VPN traffic.
>> 
>> This test result presented here is not a surprise to me at all. Safaricom's DPI (Deep Packet Inspection) systems are so robust and advanced that they can do ANYTHING with your traffic.
>> 
>> I wrote a private email to Stephen Chege of Safaricom (we all remember him) but didn't receive even an acknowledgement. The problem I had - with DNS and VPN still stand unresolved.
>> 
>> And this is why I am always suspicious about the dalliance (for lack of a better word. I am thinking in Dholuo and translating to English) between Safaricom and the govt, especially since one of them was given a senior govt job!
>> 
>>  
>> 
>>> On 23 March 2017 at 09:27, Mose Karanja via kictanet <kictanet at lists.kictanet.or.ke> wrote:
>>> Hello listers. 
>>> 
>>> CIPIT has been conducting network measurements on Kenyan Internet Service Providers (ISPs) since June 2016 using assorted techniques. Between 6 – 10 February 2017, the data indicated the presence of a middle-box on the cellular network of one provider, Safaricom Limited (AS33771) that had not previously presented any signs of traffic manipulation. Middle-boxes assume dual-use character in that they can be used for legitimate functions (e.g., network optimisation) and can simultaneously be used for traffic manipulation, surveillance and aiding censorship.
>>> 
>>> In light of such dual uses, this report makes clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor and possibly censor the Internet during Kenya’s current electoral processes.
>>> 
>>> You can download the brief from this link: 
>>> 
>>> http://blog.cipit.org/2017/03/23/cipit-research-reveals-evidence-of-internet-traffic-tampering-in-kenya-the-case-of-safaricoms-network/#more-5833 
>>> 
>>> -Moses
>>> 
>>> _______________________________________________
>>> kictanet mailing list
>>> kictanet at lists.kictanet.or.ke
>>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>> Twitter: http://twitter.com/kictanet
>>> Facebook: https://www.facebook.com/KICTANet/
>>> 
>>> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/odhiambo%40gmail.com
>>> 
>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
>>> 
>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
>> 
>> 
>> 
>> -- 
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254 7 3200 0004/+254 7 2274 3223
>> "Oh, the cruft."
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>> 
>> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
>> 
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
>> 
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20170323/82c5eb81/attachment.htm>