Protei develops a range of systems used by telecom operators, including conferencing platforms and connectivity services. However, the company is most widely associated with deep packet inspection (DPI) tools and network filtering technologies — software commonly used in countries where governments impose strict controls on online information flow and communication. These systems allow network providers to inspect traffic patterns, identify specific services or websites and enforce blocks or restrictions.
It remains uncertain exactly when the intrusion occurred, but archived pages from the Wayback Machine indicate the public defacement took place on November 8. The altered site contained a short message referencing the firm’s involvement in DPI technology and surveillance infrastructure. Although the webpage was restored quickly, the attackers reportedly extracted approximately 182 gigabytes of data from Protei’s systems, including email archives dating back several years.
A copy of the exposed files was later supplied to Distributed Denial of Secrets (DDoSecrets), an organization known for cataloging leaked data from governments, law enforcement agencies and companies operating in surveillance or censorship markets. DDoSecrets confirmed receiving the dataset and made it available to researchers and journalists.
Prior to publication, TechCrunch reached out to Protei leadership for clarification. Mohammad Jalal, who oversees the company’s Jordan branch, did not initially respond. After publication, he issued an email claiming the company is not connected to Russia and stating that Protei had no confirmed knowledge of unauthorized data extraction from its servers.
The message left by the hacker suggested an ideological motive rather than a financial one. The wording referenced SORM — Russia’s lawful interception framework that enables intelligence agencies to access telecommunications data. Protei’s network filtering and DPI tools are believed to complement SORM deployments in regions where governments restrict digital freedoms.
Reports from research organizations have previously linked Protei technology to censorship infrastructure. In 2023, Citizen Lab documented exchanges suggesting that Iranian telecommunications companies sought Protei’s systems to log network activity and block access to selected websites. Documents reviewed by the group indicated the company’s ability to deploy population-level filtering and targeted restrictions.
The breach adds to growing scrutiny surrounding technology vendors supplying surveillance capabilities internationally, especially in environments where privacy protections and freedom of expression remain vulnerable.
