Protei Hack: Deep Packet Inspection Data Exposed

18 Nov 2025

A recent cyberattack has exposed sensitive data from a Russian telecommunications company known for creating systems that enable web surveillance and censorship across the globe.

Protei, founded in Russia and currently based in Jordan, was hacked, resulting in the defacement of its website and the theft of significant amounts of data.

International Presence and Products

Protei supplies technology to phone and internet providers in several nations, including Bahrain, Italy

Protei supplies technology to phone and internet providers in several countries, including Bahrain, Italy, Kazakhstan, Mexico, Pakistan, and regions of central Africa.

The company's offerings include video conferencing tools, internet connectivity solutions, and equipment for surveillance and web filtering, such as deep packet inspection systems.

Details of the Breach

While the exact timeline and method of the hack remain unclear, a snapshot from the Internet Archive’s Wayback Machine indicates the website was altered on November 8, with normal operations restored shortly after.

Hackers extracted approximately 182 gigabytes of files, including emails spanning several years.

Data Shared with Transparency Collective

The pilfered data was subsequently transferred to DDoSecrets, a nonprofit organization focused on transparency by indexing leaked data deemed of public interest.

This includes information related to law enforcement, government bodies, and companies within the surveillance industry.

Lack of Response from Protei

Mohammad Jalal, Managing Director of Protei's Jordan branch, did not respond to requests for comments regarding this security breach.

The identity and motives of the hacker remain unknown, but the website’s homepage displayed the message: 'another DPI/SORM provider bites the dust', hinting at their disapproval of the company's involvement in deep packet inspection systems and SORM.

Surveillance Technology and SORM

Protei's deep packet inspection devices allow telecom firms to manage web traffic differently

SORM, a lawful intercept system devised in Russia, is operational in numerous regions that utilize Russian technology. It requires telecom operators to install equipment enabling government access to communications data, such as calls and text messages.

Protei's deep packet inspection devices allow telecom firms to manage web traffic differently based on its source, facilitating both surveillance and censorship in areas where expression is limited.

Protei's Involvement in Iran

In 2023, The Citizen Lab disclosed that Protei had interacted with Iranian telecommunications giant - Ariantel concerning technology used for monitoring internet traffic and restricting access to selected websites.

Documents released by The Citizen Lab illustrate that Protei claimed their technology can block access to certain sites for targeted individuals or large population segments.

Show full press release

A Russian telecom company that develops technology to allow phone and internet companies to conduct web surveillance and censorship was hacked, had its website defaced, and had data stolen from its servers, TechCrunch has learned.

Founded in Russia, Protei makes telecommunications systems for phone and internet providers across dozens of countries, including Bahrain, Italy, Kazakhstan, Mexico, Pakistan and much of central Africa. The company, now headquartered in Jordan, sells video conferencing technology and internet connectivity solutions, as well as surveillance equipment and web-filtering products, such as deep packet inspection systems.

Contents of Protei’s web server

It’s not clear exactly when or how Protei was hacked, but a copy of the company’s website saved on the Internet Archive’s Wayback Machine shows it was defaced on November 8. The website was restored soon after.

During the breach, the hacker obtained the contents of Protei’s web server — around 182 gigabytes of files — including emails dating back years.

Datasets in the public interest

A copy of Protei’s data was provided to DDoSecrets, a nonprofit transparency collective that indexes leaked datasets in the public interest, including data from law enforcement, government agencies, and companies involved in the surveillance industry.

Mohammad Jalal, the Managing Director of Protei’s branch in Jordan, did not respond to a request for comment about the breach.

The identity of the hacker is not known, nor their motivations, but the defaced website read: 'another DPI/SORM provider bites the dust.' The message likely references the company’s sales of deep packet inspection systems and other internet filtering technology for the Russian-developed lawful intercept system known as SORM.

Install SORM equipment on networks

SORM is the main lawful intercept system used across Russia as well as several other countries that use Russian technology. Phone and internet providers install SORM equipment on their networks, which allows their country’s governments to obtain the contents of calls, text messages, and web browsing data of the networks’ customers.

Deep-packet inspection devices allow telecom companies to identify and filter web traffic depending on its source, such as a social media website or a specific messaging app, and selectively block access. These systems are used for surveillance and censorship in regions where freedom of speech and expression are limited.

logging internet traffic and blocking access

The Citizen Lab reported in 2023 that Iranian telecoms giant - Ariantel had consulted with Protei about technology for logging internet traffic and blocking access to certain websites.

Documents seen and published by The Citizen Lab show that Protei touted its technology’s ability to restrict or block access to websites for specific people or entire swathes of the population.

Download PDF version Download PDF version

Add as a preferred source on Google