#bneTech: Kazakhstan attempts to spy on citizens’ web use via encryption-busting Qaznet Trust Certificate

#bneTech: Kazakhstan attempts to spy on citizens’ web use via encryption-busting Qaznet Trust Certificate
Kazakhstan's got a Big Brother problem. / Paterm.
By bne IntelliNews July 24, 2019

Kazakhstan’s government appears to have embarked on a major “man in the middle” attempt at spying on citizens’ web communications in the wake of the big anti-regime protests that broke out across the country during the June presidential election.

Internet service providers (ISPs) based in Kazakhstan are being instructed to force their users to install government-issued root certificates on devices to allow agencies to intercept web traffic. The government has launched an encryption-busting Qaznet Trust Certificate in the nation’s capital Nur-Sultan in a first test run.

A blog post from virtual private network (VPN) provider Private Internet Access characterised the move, commonly known in security circles as a man in the middle attack (MiTM), as one designed to "spy on its citizens' internet traffic".

Gargantuan privacy issue”
"Forcing all of Kazakhstan's internet through one government issued certificate is a gargantuan privacy issue but it is also a security issue," the post said. It also noted that a hacker could gain control of the certificate itself and thus gain access to all the unencrypted traffic of every user.

Paul Bischoff, from Comparitech, said the move "is about surveillance, not security" and encouraged browser-makers such as Mozilla and Google to ban the certificate.

“Or they could add some sort of indicator to let users know that the government is spying on them,” he said. “A VPN might be a good solution [for internet users] in the meantime.”

"This is a man-in-the-middle attack at nation-state scale," Bischoff added. "Considering that more than half of the websites visited today use HTTPS [for secure communication resistant to MiTM attacks], this is a huge endeavour... I'd give it a month before the whole thing falls apart."

Big embarrassment
The protests were a big embarrassment to Kazakhstan which has spent a fortune on PR portraying itself as a modern nation in tune with the aspirations of its people.

Kazakh Interior Minister Erlan Turghymbayev said on June 18 that the number of protesters detained during the rallies against the presidential election, which started on the day of the poll on June 9, reached nearly 4,000 people.

The number was more than fourfold the number of arrests previously disclosed by the Kazakh authorities, originally reported at just under 1,000 people. When the previous figure was announced, Kazakh opposition activists pointed out on social media that the government’s figures were unrealistic as they did not match reports of arrests at individual police stations. One opposition activist has claimed that the number of arrests in the Kazakh capital, Nur-Sultan, amounted to 1,000 people on election day alone—the protests lasted until the inauguration of Kassym-Jomart Tokayev on June 12.

Tech

Dismiss