Article content continued

Citizen Lab identified the hardware behind the hacking as PacketLogic devices produced by Procera — a Fremont, California-based company that was recently folded into Waterloo, Ont.-based network management firm Sandvine, which is owned by American private equity group Francisco Partners.

In a statement issued before the report’s release, Sandvine said it investigates all allegations of abuse, but said it had been unable to complete its inquiry because Citizen Lab refused to provide the company with its findings in full.

“Once we have the necessary data, we will conduct a full investigation and take appropriate action,” Sandvine said.

The statement also said Citizen Lab’s allegations were “technically inaccurate and intentionally misleading,” but a representative for the company has yet to supply an example of a misleading or inaccurate claim.

Citizen Lab said it discovered the hacking after a European cybersecurity company reported that network service providers in two unidentified countries were trying to compromise their users using a powerful hacking technique known as network injection. Citizen Lab scoured the internet for signs of the spying and eventually traced the activity to the Turkish provinces of Adana, Hatay, Gaziantep, Diyarbakir and to the Turkish capital, Ankara, as well as parts of northern Syria and Egypt.

Network injection — so-called because malicious software is injected into everyday internet traffic by whoever controls the network — has long been feared as a particularly powerful form of government spying.