
HTTPS traffic intercepting by Kazakhstan government

By Vitus White
Published in Apps & Software
March 25, 2020

The Kazakh government first wanted to intercept all HTTPS traffic back in 2016, but it backed off after several lawsuits.

On Wednesday, July 17, 2019, the Kazakhstan government started intercepting all HTTPS internet traffic inside its borders.

Local internet service providers (ISPs) have been instructed by the local government to force their respective users into installing a government-issued certificate (http://qca.kz/) on all devices, and in every browser.

The certificate, once installed, will allow local government agencies to decrypt users’ HTTPS traffic, look at its content, encrypt it again with their certificate, and send it to its destination. Kazakh users trying to access the internet since yesterday have been redirected to web pages that contained instructions on how to install the government’s root certificate in their respective browsers, whether on a desktop or a mobile device.
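Because an installed root makes the re-signed certificates validate without a browser warning, the change shows up only in the device's trust store and in the issuer each site presents. The Python code below is an added example, not part of the original article: it flags roots missing from a known-good baseline and leaf certificates whose issuer differs from the one recorded for a host. All certificate records and CA names are constructed placeholders, laid out in the dict format that Python's ssl.SSLContext.get_ca_certs() and SSLSocket.getpeercert() return.

```python
# Live input would come from ssl.create_default_context().get_ca_certs() and
# from SSLSocket.getpeercert(); the records below are constructed samples.

def name_dict(rdns):
    """Flatten the ssl module's nested-tuple X.509 name into a dict."""
    return {key: value for rdn in rdns for key, value in rdn}

def make_ca(org, cn, serial):
    """Constructed self-signed CA record in get_ca_certs() format."""
    name = ((("organizationName", org),), (("commonName", cn),))
    return {"subject": name, "issuer": name, "serialNumber": serial, "version": 3}

def make_leaf(host, issuer_org, issuer_cn):
    """Constructed leaf record in getpeercert() format."""
    return {"subject": ((("commonName", host),),),
            "issuer": ((("organizationName", issuer_org),),
                       (("commonName", issuer_cn),)),
            "subjectAltName": (("DNS", host),)}

def unexpected_roots(trust_store, baseline):
    """Self-signed roots present in trust_store but absent from baseline."""
    known = {(c["subject"], c["serialNumber"]) for c in baseline}
    return [c for c in trust_store
            if c["subject"] == c["issuer"]
            and (c["subject"], c["serialNumber"]) not in known]

def issuer_changed(peer_cert, expected_orgs):
    """True when the leaf was issued by an organization not recorded for the host."""
    return name_dict(peer_cert["issuer"]).get("organizationName") not in expected_orgs

# Constructed data: every name and serial number here is a placeholder.
PUBLIC_ROOT = make_ca("Example Public CA", "Example Public Root R1", "0A01")
ADDED_ROOT = make_ca("Example Interception Authority", "Example Interception Root", "7F33")
BASELINE = [PUBLIC_ROOT]                     # snapshot taken before any install
STORE_AFTER_INSTALL = [PUBLIC_ROOT, ADDED_ROOT]
PEER_DIRECT = make_leaf("www.example.com", "Example Public CA",
                        "Example Public Issuing CA")
PEER_INTERCEPTED = make_leaf("www.example.com", "Example Interception Authority",
                             "Example Interception Root")

if __name__ == "__main__":
    for cert in unexpected_roots(STORE_AFTER_INSTALL, BASELINE):
        print("root not in baseline:", name_dict(cert["subject"]))
    for label, peer in (("direct", PEER_DIRECT), ("intercepted", PEER_INTERCEPTED)):
        print(label, "issuer changed:", issuer_changed(peer, {"Example Public CA"}))
```

The baseline and the expected issuer for a host have to be recorded on a network path that is not subject to interception, otherwise the comparison has nothing trustworthy to compare against.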

For example, this is the page shown by local ISP Kcell, and this is another one that Beeline is showing to its customers.

Kazakhstan government says it’s for the best

Local ISPs started forcing their customers into installing the government’s root certificate yesterday, following an official government announcement.

In a statement posted on its website, the Kazakh Ministry of Digital Development, Innovation and Aerospace said only internet users in Kazakhstan’s capital of Nur-Sultan will have to install the certificate; however, users from all across the country reported being blocked from accessing the internet until they installed the government’s certificate. Some users also received SMS messages on their smartphones about having to install the certificates, according to local media (https://tengrinews.kz/internet/spetsialnyiy-sertifikat-poprosili-ustanovit-smartfonyi-374216/).

Ministry officials said the measure was aimed at enhancing the protection of citizens, government bodies and private companies from hacker attacks, Internet fraudsters and other types of cyber threats.

Government previously failed in 2015

The Kazakh government first tried to have all its citizens install a root certificate in December 2015 (https://web.archive.org/web/20151202203337/http://telecom.kz/en/news/view/18729). At the time, it ruled that all Kazakh users had to install its root certificate by January 1, 2016.

The decision was never implemented because the local government was sued by several organizations, including ISPs, banks, and foreign governments, who feared this would weaken the security of all internet traffic (and adjacent business) originating from the country.

At the same time in December 2015, the Kazakh government also applied to Mozilla to have its root certificate included in Firefox by default, but Mozilla declined (https://bugzilla.mozilla.org/show_bug.cgi?id=1232689#c11).

Currently, browser makers like Google, Microsoft, and Mozilla are discussing a plan of action (https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wnuKAhACo3E/cpsvHgcuDwAJ) on how to deal with sites that have been (re-)encrypted by the Kazakh government’s root certificate. No decision has been reached, at the time of writing.

source: zdnet.com

