Linux User Group of Mauritius Promoting open source software in our beautiful island

12 Nov 15

The tale of Mauritian backdoors

Posted by logan

The government of Mauritius

The government of Mauritius loves to operate in a non-transparent fashion. Internet Filtering has been implemented by ICTA with little input from local Internet users. They once blocked Facebook in Mauritius. There are probably other plans underway to undermine the privacy of Internet users in Mauritius. How could the government go and spy on the citizens of Mauritius? This question has been on my mind for a while now. I would argue that it's easier to implement in Mauritius than in other countries.

ISP Market

When ICTA got the great idea to filter some Internet content in Mauritius, there was little protest from any ISP. Orange, which is partially owned by the government, agreed to it. I was somewhat surprised that Emtel did not take a public stand against it, as it's a private company. This leads me to believe that there is NO ISP in Mauritius that is committed to protecting the privacy of its customers. It's interesting to see how the first backdoor was implemented in Mauritius: the government lacked the necessary technical expertise, and outsourced the implementation of the Internet Filtering system to a New Zealand-based company. I believe that it's possible that the ICTA filtering system is not only blocking, but also logging the traffic of Internet users to some of those pornographic websites. Due to the lack of transparency regarding the list of websites, it's hard to say. However, one could speculate that if a political party launches its own website (e.g. www.mmmparty.com), ICTA could potentially have any visitor to that website from Mauritius logged passively using the Internet Filtering system. In other words, do not block the website, but log the IP addresses of people accessing the website. This would give the government an idea of how many supporters are behind an opposition party. The ICTA Internet Filtering is the first example of a known backdoor implemented by the Government of Mauritius.

Another backdoor could be in the modems that the ISPs deploy on customer premises. By matching the customer details with the Internet traffic from the modem, one can get a better idea of the different people within a house. I'll give a concrete example: if there is a lot of traffic to mmmparty.com coming from a particular house, the ISP cannot know exactly who is behind it, as ISPs in Mauritius allocate a single public IPv4 address to each customer. By putting a backdoor within the modem, it can get a full picture of which device is connecting to that website. However, the government itself does not have this kind of technical expertise. It would mandate an ISP to implement that, and a router manufacturer would happily accept that as a "business requirement".

Tablets in school & Wireless Access Points

A number of people are currently raising concerns that a private company is getting all of the contracts for tablets and wireless access points in Mauritius. The young generation constitutes a sizable group that will be able to vote in 4 years. A contractor could include a backdoor that would log any traffic to those tablets and give the government an idea of the political inclinations of young people. As far as I know, there has not been any audit of the tablets.

Controlling the smartphone market

ICTA has implemented all kinds of measures to discourage people from importing wireless equipment under the pretense of "regulatory concerns". This favours companies like Orange and Emtel who are selling smartphones. Since none of those companies are committed to protecting the privacy of their customers, that would be a great avenue to implement another backdoor. By bugging every smartphone, the government can collect information on who is talking to whom, and the duration of the call. I heard that the government of Mauritius was taping phone calls at one point right before the elections. The government of Mauritius has historically been tied to the ITU, which is known to operate in a non-transparent manner, so it's safe to say that telephone calls through the GSM network (2G, 3G, 4G) can be monitored.

Monitoring facebook

When the interim Minister of TCI started talking about avenues of co-operation between Facebook and the government of Mauritius, I felt uneasy. A few months earlier, Orange was announcing that it would offer Facebook for free via its Data package. By channeling mobile traffic via its GSM network, Orange can potentially monitor the Internet traffic of Facebook users. I started wondering if the announcements weren't somewhat connected. "We give you free Facebook, but we monitor it." Facebook is the most popular social network in Mauritius. Dangerous is the road ahead ...
