[kictanet] Safaricom and Internet Traffic Tampering

Ngigi Waithaka ngigi at at.co.ke
Thu Mar 23 21:25:17 EAT 2017


Steve,

This just doesn't add up....

Let's talk layman, let's talk HTTP: a protocol designed to enable
communication between a user's browser and the web server.

The only parties that should learn how to 'speak' and 'hear' this protocol
are only the browser & the web-server, period!

Whether a browser / web-server breaks this protocol and uses HTTP in a way
it wasn't supposed to be used is simply not any ISP's business. The duty is
on the web-server to inform the user and vice-versa that they cannot
understand what the other is requesting for.

The only task an ISP has is simply to *carry* this message, broken or not
and charge the user for the data.

What you have just written is akin to saying, if I called Ali on your
network and then in the middle of the conversation I used broken English,
that my conversation will be promptly cut until I use the *correct* English.

HTTP is what contains the user's data. The fact that you have *written* that
you look into HTTP means you look into your users' data, something that I
believe is explicitly against the laws of the land.

The more you try to twist this, the deeper a hole you dig yourselves in.

Regards


On Thu, Mar 23, 2017 at 5:09 PM, Stephen Chege via kictanet <
kictanet at lists.kictanet.or.ke> wrote:

> Mose and all
>
>
>
> We have noted CIPT's claim and wish to state categorically that Safaricom
> does not in any way alter internet traffic. In addition, Safaricom did
> reach out to CIPT through a conference call with our engineers on 24th
> February 2017, which we believed was the best way to engage on this issue
> as it is technical and both parties had a chance to express their position.
>
>
>
> From our understanding, CIPT use an application called Ooniprobe to test
> whether there is any alteration of a packet sent through a particular ISP's
> network. It uses crowdsourcing to collect information about a network,
> which is later uploaded to an analytics server whose front-end is the
> website. In order to test tampering it makes use of detuned / altered /
> crafted HTTP parameters. The crafted HTTP packet is then directed towards
> dedicated servers that echo back HTTP header(s). The expectation is that
> such a crafted packet should not be subject to any form of network
> manipulation, even if the query used is wrong it should echo back as sent.
>
>
>
> In the discussions we had with CIPT, we clarified that on our network, we
> strictly follow the correct formats of the HTTP version on the optimisation
> gateway, because packets are expected in the correct HTTP format as per
> agreed global standards (RFC 2616: Section 2.2). Any crafted or altered
> packets that violate the accepted correct HTTP formats generate an error.
> So by CIPT sending a packet that has its HTTP parameters detuned/altered,
> they would receive an error as explained above. This is not evidence of a
> middle box as now alleged.
>
>
>
> We have also observed a concerning trend where entities use the same
> packet crafting methods mentioned above to defraud the ISP by tunneling
> traffic through zero rated sites (i.e. by-passing billing).
>
>
>
> In summary, we have a standard ISP traffic optimizer whose sole purpose is
> to optimize quality of experience, to deliver service to our customers
> without bias, and does not alter traffic.
>
>
>
> We further state that anyone testing our network within accepted RFC
> standards will be able to establish that our network does not in any way
> alter internet packets.
>
>
>
> regards
>
>
>
> Steve
>
>
>
> *From:* kictanet [mailto:kictanet-bounces+schege=safaricom.co.ke at lists.
> kictanet.or.ke] *On Behalf Of *Mose Karanja via kictanet
> *Sent:* Thursday, March 23, 2017 11:54
> *To:* Stephen Chege
> *Cc:* Mose Karanja; KICTAnet ICT Policy Discussions
> *Subject:* Re: [kictanet] Safaricom and Internet Traffic Tampering
>
>
>
> That is why we did a responsible disclosure. Safaricom did reach back to
> us and promised to give a detailed report.
>
>
>
> Even after polite reminders, we did not hear back from them officially.
>
>
>
> ---
>
> Moses
>
>
> On 23 Mar 2017, at 11:25, Ali Hussein <ali at hussein.me.ke> wrote:
>
> These are very serious allegations guys.
>
>
>
> It would be great to hear from Safaricom.
>
> *Ali Hussein*
>
> *Principal*
>
> *Hussein & Associates*
>
> +254 0713 601113
>
>
>
> Twitter: @AliHKassim
>
> Skype: abu-jomo
>
> LinkedIn: http://ke.linkedin.com/in/alihkassim
>
>
>
> "We are what we repeatedly do. Excellence, therefore, is not an act but a
> habit."  ~ Aristotle
>
>
>
>
>
> Sent from my iPad
>
>
> On 23 Mar 2017, at 10:04 AM, Odhiambo Washington via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
>
> I recently had a very traumatizing experience with a client I was
> consulting for and whose preferred mode of connection is Safaricom 4G.
>
>
>
> For two days I was struggling to figure out why what seemed so obvious (in
> my mind) was NOT working with Safaricom while I had tested the same with
> JTL and Access Kenya links.
>
>
>
> It turned out that Safaricom truly tamper with traffic to the Internet.
> This includes even VPN traffic.
>
>
>
> This test result presented here is not a surprise to me at all.
> Safaricom's DPI (Deep Packet Inspection) systems are so robust and advanced
> that they can do ANYTHING with your traffic.
>
>
>
> I wrote a private email to Stephen Chege of Safaricom (we all remember
> him) but didn't receive even an acknowledgement. The problem I had - with
> DNS and VPN - still stands unresolved.
>
>
>
> And this is why I am always suspicious about the dalliance (for lack of a
> better word. I am thinking in Dholuo and translating to English) between
> Safaricom and the govt, especially since one of them was given a senior
> govt job!
>
>
>
>
>
>
>
> On 23 March 2017 at 09:27, Mose Karanja via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
>
> Hello listers.
>
>
>
> CIPIT has been conducting network measurements on Kenyan Internet Service
> Providers (ISPs) since June 2016 using assorted techniques. Between 6 – 10
> February 2017, the data indicated the presence of a middle-box on the
> cellular network of one provider, Safaricom Limited (AS33771) that had not
> previously presented any signs of traffic manipulation. Middle-boxes assume
> dual-use character in that they can be used for legitimate functions (e.g.,
> network optimisation) and can simultaneously be used for traffic
> manipulation, surveillance and aiding censorship.
>
>
>
> In light of such dual uses, this report makes clear that service providers
> operating middle-boxes must communicate to the public in a transparent
> manner the justification for such activity. This is especially relevant as
> government bodies announce plans to monitor and possibly censor the
> Internet during Kenya’s current electoral processes.
>
>
>
> You can download the brief from this link:
>
>
>
> http://blog.cipit.org/2017/03/23/cipit-research-reveals-evidence-of-internet-traffic-tampering-in-kenya-the-case-of-safaricoms-network/#more-5833
>
>
>
> -Moses
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at https://lists.kictanet.or.ke/
> mailman/options/kictanet/odhiambo%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
>
>
>
>
> --
>
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft."
>



-- 
*Regards,*

*Waithaka Ngigi*
Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building
T +254 20 525 0750 |Office Mobile: +254 716 201061 | M +254 737 811 000
www.at.co.ke
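
The header-echo comparison described in Stephen Chege's quoted message (a crafted HTTP request sent to a server that echoes the headers back), as an added example that is not part of the original thread and is not OONI's code. The echo backend, the normalising proxy, the host names and all function names are constructed for illustration.

```python
import json

# Constructed probe request: deliberately odd capitalisation, as in the
# crafted-header test described above. Names and hosts are illustrative.
SENT_LINE = "GeT / HTTP/1.1"
SENT_HEADERS = [("hOsT", "echo.example.invalid"),
                ("uSeR-aGeNt", "probe/0.1"), ("aCcEpT", "*/*")]

def build_request(line, headers):
    """Serialise a request line and header list to raw HTTP/1.1 bytes."""
    head = [line] + [f"{k}: {v}" for k, v in headers]
    return ("\r\n".join(head) + "\r\n\r\n").encode("ascii")

def parse_request(raw):
    """Split raw bytes into (request_line, [(name, value), ...]) unchanged."""
    head = raw.decode("ascii").split("\r\n\r\n", 1)[0].split("\r\n")
    return head[0], [tuple(h.split(": ", 1)) for h in head[1:]]

def echo_server(raw):
    """Hypothetical echo backend: reports exactly what arrived, as JSON."""
    line, headers = parse_request(raw)
    return json.dumps({"request_line": line, "headers": headers})

def normalising_proxy(raw):
    """Constructed middlebox: canonicalises case and appends a Via header."""
    line, headers = parse_request(raw)
    method, rest = line.split(" ", 1)
    headers = [(k.title(), v) for k, v in headers]
    headers.append(("Via", "1.1 proxy.example.invalid"))
    return build_request(f"{method.upper()} {rest}", headers)

def compare(echoed_json):
    """Diff what was sent against what the echo server says it received."""
    echoed = json.loads(echoed_json)
    sent = {k.lower(): k for k, _ in SENT_HEADERS}
    got = {k.lower(): k for k, _ in echoed["headers"]}
    return {
        "request_line_changed": echoed["request_line"] != SENT_LINE,
        "names_rewritten": sorted(sent[n] for n in sent if n in got and got[n] != sent[n]),
        "headers_removed": sorted(sent[n] for n in sent if n not in got),
        "headers_added": sorted(got[n] for n in got if n not in sent),
    }

def run_probe(path=lambda raw: raw):
    """Send the crafted request through `path` (identity = untouched link)."""
    return compare(echo_server(path(build_request(SENT_LINE, SENT_HEADERS))))

if __name__ == "__main__":
    print("direct :", run_probe())
    print("proxied:", run_probe(normalising_proxy))
```

On the untouched path every field of the report is empty or false; through the constructed proxy the report lists the rewritten method, the three re-capitalised header names and the added `Via` header.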