Main article: Communication (Kazakhstan market)
2022: Kazakhstan could not block the Internet with equipment like Russia
As it became known on January 12, 2022, the authorities of Kazakhstan after the start of protests in the country tried to pointedly block traffic on the Internet using DPI (Deep Packet Inspection) equipment, but they failed. According to Forbes, citing its sources, because of this, the authorities had to turn off access to the Network "almost manually."
According to the interlocutor of the publication, close to one of the Russian telecom operators, the largest Kazakhstan telecom company "" Kazakhtelecom purchased DPI systems for its own purposes (for example, to collect analytics and prioritize traffic), and it was "not sharpened" under locks.
The State National Security Committee (NSC) sent an order to each telecom company to block the traffic transmission channel. After that, the operators disconnected the equipment either on the core of the network, or incapacitating the Internet provision service itself.
Losses of the operator Kcell due to locks are estimated at 1 billion tenge (more than 172 million rubles). According to the Top10VPN portal, the total damage to the country's economy due to the disconnection of the Network amounted to about $189 million.
By January 2022, DPI technology is used in Russia to filter traffic. The relevant state equipment, as part of the implementation of the law on the "sovereign Internet," telecom operators were obliged to install at traffic exchange points. The scheme assumes that in the event of a threat to the work of the Russian Internet, Roskomnadzor will be able to take over the centralized management of communication networks and ensure uninterrupted Internet.
President of Kazakhstan Kassym-Zhomart Tokayev announced on January 7, 2021 that in connection with the stabilization of the situation, he decided to turn on the Internet in certain regions of the country for certain time intervals. According to him, this will positively affect the life of citizens.[1]
2020
Apple, Google, Microsoft and Mozilla blocked in browsers certificates used by the authorities of Kazakhstan to intercept traffic
Apple, Google, Microsoft, Mozilla and Opera blocked in browsers the certificates used by the Kazakh authorities to intercept and decrypt HTTPS traffic using the MITM (Man-in-the-Middle) attack. This became known on December 18, 2020.
According to ZDNet, the certificate has been used since the beginning of December 2020, when the Kazakh authorities forced local Internet providers to block the access of Nur-Sultan residents to foreign sites if a special digital certificate issued by the state is not installed on their devices. Without it, users cannot access the largest foreign web services, such as YouTube and Twitter.
From December 18, 2020, if this certificate has been installed and activated on user devices, then a security warning is issued in the browsers Safari, Edge, Chrome/Chromium, Opera and Firefox.
This means that after the ban, even if users in Nur-Sultan install a certificate for their devices, browsers will refuse to use them, and therefore user data will remain safe and will not get to the authorities, explains the TechSpot portal.
As explained in Mozilla, the largest IT companies in the world added the MITM certificate of Kazakhstan to the list of revoked certificates due to the fact that it violates the security and privacy of users. The company added that Kazakhstani users can use VPN or the Tor browser to access the Internet.
The government's explanation did not make any technical sense, since certificates cannot prevent mass cyber attacks and are usually used only to encrypt and protect traffic from third-party observers, writes ZDNet.
Earlier, the authorities of Kazakhstan made an attempt to oblige the population to establish state certificates. Then, many lawsuits were filed against telecom operators demanding that the imposition of the certificate on subscribers be declared illegal.[2]
Kazakh authorities, under the pretext of IB exercises, again began to intercept HTTPS traffic
On December 6, 2020, the authorities of Kazakhstan, under the pretext of cybersecurity exercises, again began to try to intercept HTTPS traffic. Local telecommunications companies, including Beeline, Tele2 and Kcell, send messages asking subscribers to install special digital certificates on their devices "to maintain access to some Internet resources."
According to ZDNet, a number of Kazakhstani users told the publication about the loss of access to Google, Twitter, YouTube, Facebook, Instagram and Netflix sites, without installing a state root certificate.
The publication notes that this is the third attempt by the government to force the population to install certificates for their equipment. All of them were unsuccessful, since browser developers blocked these certificates.
According to ZDNet experts, after installing the certificate, the government is able to intercept all HTTPS traffic coming from user devices using MitM technology (Man-in-the-Middle). This is one of the popular methods of hacker attacks, designed precisely to intercept information.
On December 7, 2020, the Ministry of Digital Development, Innovation and Aerospace Industry of Kazakhstan announced that cyber exercises related to the use of a security certificate were completed in Nur-Sultan.
Only the phase of cyber exercises related to attacks remains, repelling attacks by state bodies themselves. We believe that our citizens will not be involved as much as possible. Only if when attacking state resources. That is, if the attack succeeds, this resource will be unavailable for some time, "said Ruslan Abdikalikov, chairman of the information security committee of the Ministry of Digital Development.[3] |
2019
Kazakhstan unexpectedly stopped intercepting Internet traffic of citizens. The president explained why
On August 6, 2019, the Kazakh authorities unexpectedly announced the termination of a project to intercept Internet traffic of the population after several lawyers sued mobile operators who began to distribute a special certificate.
This certificate allowed the government to intercept user traffic by bypassing the encryption used by email services and instant messengers.
The National Security Committee of Kazakhstan called the distribution of this certificate an experiment that was completed. Users can delete the certificate and use the Internet as usual, the department said.
The committee emphasized that the initiative was aimed at protecting Kazakhstani users from "hacker attacks, online fraud and other types of cyber threats."
President of Kazakhstan Kassym-Zhomart Tokaev said on his Twitter blog that he personally ordered this testing, and it showed that protective measures will not inconvenience Internet users in the country.
The rapid completion of testing of the security certificate under the Cyber Shield program showed a high level of technical equipment in the event of cyber attacks from outside, which previously occurred repeatedly. The main thing is that there will be no inconvenience to Internet users in KZ. All fears have no basis, "the head of state wrote. |
In Kazakhstan, social networks and Internet resources objectionable to the authorities are regularly blocked. So, another wave of locks occurred during the presidential election in 2019. Human rights activists admitted that the introduction of a new security certificate will make it easier for the Kazakh authorities to limit access to prohibited resources.
After the three largest mobile operators in Kazakhstan began to oblige subscribers to establish a security certificate, lawsuits were filed against them indicating that restricting access to the Internet is a violation of the law.[4]
Kazakh authorities intercept Facebook, Google and VKontakte traffic
A week after the government of Kazakhstan began to intercept all HTTPS traffic, some details about what is happening in the country became known.
According to Censored Planet, by July 23, 2019, only 37 domains, mainly owned by popular services such as,,,, and, are decrypted and viewed the content of protected citizen traffic Facebook Google Twitter. Instagram YouTube VKontakte
Experts note that not all Internet providers began to fulfill the requirements for intercepting HTTPS traffic - in Censored Planet they found such activity only from Kazakhtelecom. In addition, interception is not carried out constantly, and the start and end times do not have regularities.
This indicates that the interception system is still being tested or configured, possibly before full-scale deployment, says Censored Planet, which employs scientists from the University of Michigan and the University of Colorado. |
According to Roy Ensafi, associate professor of computer science at the University of Michigan, traffic interception breaks end-to-end encryption and allows the government of Kazakhstan to receive full information about user activity on the Internet.[5]
A representative of Mozilla told CPJ that the root certificate used by the government of Kazakhstan was not transferred to the company in order to be included in the list of trustees in. browser Firefox
This means that our products do not trust this default certificate, and will not do so for the foreseeable future, since the process of inclusion [in the list of trusted] usually takes more than a year, - noted in Mozilla. |
Here is a list of domains to which "surveillance" is assigned by July 23, 2019:
- android.com
- messages.android.com
- goo.gl
- google.com
- www.google.com
- allo.google.com
- dns.google.com
- docs.google.com
- encrypted.google.com
- mail.google.com
- news.google.com
- picasa.google.com
- plus.google.com
- sites.google.com
- translate.google.com
- video.google.com
- groups.google.com
- hangouts.google.com
- youtube.com
- www.youtube.com
- facebook.com
- www.facebook.com
- messenger.com
- www.messenger.com
- instagram.com
- www.instagram.com
- cdninstagram.com
- twitter.com
- vk.com
- vk.me
- vkuseraudio.net
- vkuservideo.net
- mail.ru ok.ru
- rukoeb.com
- sosalkino.tv
- tamtam.chat
Kazakhstan introduces mandatory installation of national root safety certificate
On July 19, 2019, it became known that telecom-operators Kazakhstan they began to notify customers of the need to install a special safety Qaznet certificate on all subscriber units access with in. Internet This was announced portal Tengrinews.kz.
Some Tele2 and Beeline subscribers received SMS messages with the corresponding notification. The operators Kcell and Soundposted messages of similar content and instructions for installing the certificate on their official sites.
The certificate recommended for installation "was developed in Kazakhstan and provided by an authorized state body" and "will protect Kazakhstani Internet users from hacker attacks and viewing illegal content," the Kcell provider's website said.
According to CNews, users are invited to download the certificate from the site qca.kz. This domain name is registered to a private person - a certain Askar Dyussekeyev from the city of Nur-Sultan (formerly Astana). The address of the owner coincides with the address of the Ministry of Digital Development, Innovation and Aerospace Industry of Kazakhstan.
The Kcell operator also warns that in the absence of a certificate, users may encounter problems accessing individual Internet resources. Indeed, according to some users from the capital of Kazakhstan, without installing a certificate, it is impossible to go to sites that force the use of safe protocol HTTPS using the HSTS mechanism. There are most such sites. Instead of the requested site, providers issue a stub page calling for the installation of a certificate.
According to Ablaikhan Ospanov, Vice Minister of Digital Development, Innovation and Aerospace Industry of Kazakhstan, residents of the republic are not obliged to establish certificates, they are only given a similar opportunity, laid down by law.
The installation of a national root security certificate on the devices of residents of Kazakhstan will allow the owner of this certificate to intercept, decrypt and modify the HTTPS user traffic protected by cryptography before further sending to the destination node, that is, to carry out the so-called intermediary attack - MITM (Man in the middle, "man in the middle").
Taking into account the statement of the Kcell operator that the certificate was developed by an "authorized state body," it can be assumed that such opportunities can be used by the Kazakh authorities to gain access to information that citizens exchange over the Internet, according to CNews. However, not only state structures, but also attackers who have nothing to do with them will be able to follow users. According to the president of the Internet Association of Kazakhstan Shakvat Sabirov, whose words the Tengrinews.kz quotes, "if for any reason, no matter the technical or human factor, this certificate will be stolen or hacked, then the attackers will get absolutely all the information about the users and data that use this certificate."
As of July, 2019 on the basis of the bug tracker (system of tracking mistakes) brauzeramozilla Firefox is conducted by representatives of Internet community and developers discussion of a possibility of addition of the certificate in "black list" and introduction of the ban on its manual installation thus to protect users from Kazakhstan from shadowing from the authorities.[6]
Government of Kazakhstan began to intercept all HTTPS traffic in the country
On July 17, 2019 government Kazakhstan _. D0.9F.D1.80.D0.B0.D0.B2.D0.B8.D1.82.D0.B5.D0.BB. D1.8C.D1.81.D1.82.D0.B2.D0.BE_.D0.9A. D0.B0.D0.B7.D0.B0.D1.85.D1.81.D1.82.D0.B0.D0.BD.D0.B0_.D0.BD. D0.B0.D1.87.D0.B0.D0.BB.D0.BE_.D0.BF. D0.B5.D1.80.D0.B5.D1.85.D0.B2.D0.B0.D1.82.D1.8B.D0.B2.D0.B0.D1.82.D1.8C_.D0.B2.D0.B5.D1.81.D1.8C_HTTPS-.D1.82.D1.80.D0.B0.D1.84.D0.B8.D0.BA_.D0.B2_.D1.81.D1.82.D1.80.D0.B0.D0.BD. D0.B5 began to intercept all Internet traffic HTTPS in the country. For this, local telecommunication operators were obliged to force users to all their devices and browsers to a special certificate developed by the authorities.
After installing the certificate, government authorities of Kazakhstan will be able to decrypt users' HTTPS traffic, view its content, encrypt it again using their certificate and send it as intended. This allows the Government of Kazakhstan to easily monitor the actions of its citizens on the Internet.
According to ZDNet, users who have been trying to access the Internet since July 17, 2019 are redirected to web pages that contain instructions for installing the root state certificate in browsers for mobile devices and computers.
Majilis of Kazakhstan approved ban of anonymous comments
The Majilis of the Parliament of the Republic of Kazakhstan approved amendments to the legislation on information and communications, obliging owners of Internet resources to conclude a written agreement with their readers in order to be able to publish comments under articles and information.
In particular, Art. 36 of the law is supplemented by[7]) paragraph 5-1, according to which "the provision by the owner or owner of a publicly available electronic information resource of a user placement service is carried out on the basis of an agreement concluded in writing (including electronic), using the identification on the "e-government" portal or through the user's subscriber number registered on the public information electronic resource by sending a short text message containing a one-time password for concluding[8].
It is planned that the information is posted by the user under his own name or alias. Depersonalization of personal data is carried out on the basis and in the order determined by the agreement.
The owner of the Internet resource is obliged to keep the information used at the conclusion of the contract for the entire period of its validity, and for three months in the event of termination of the agreement.
2017: Kazakhstan wants to ban anonymous comments on the Web
Minister of Information and Communications of Kazakhstan Dauren Abayev prepared a video in September 2017 explaining those initiatives that are proposed to be introduced into the work of the republican media[9].
Officials plan to introduce a whole list of changes to the legislation of the republic that will affect the work of the media. The most controversial and discussed comments Dauren Abaev, reports MIA Kazinform.
In the next video, he explained that the proposed ban on anonymous comments on the Internet is designed to discipline Web users and remind them that they are responsible for everything written. The minister does not believe that the need to indicate his name will lead to the end of freedom of speech on the Internet.
Another resonant amendment is the ban on the dissemination of personal data of children under 16 who have committed crimes of mild or moderate severity. According to the official, the indication in the media of personal information about the child may negatively affect his future life.
The Ministry proposes, as well as data on minors and offenders, to legally protect against the dissemination in the media without the consent of a citizen of facts that relate to personal, family, medical, banking, commercial secrets.
2016
Prosecutor's Office of Kyzylorda region of Kazakhstan in 2016 blocked access to 39 posts on social networks
The prosecutor's office of the Kyzylorda region of Kazakhstan in 2016 for posting illegal content blocked access to 39 posts on Facebook and VKontakte, as well as to 25 video hosting channels, YouTube the official website of the department reports kzl.prokuror.kz.
A press release on the results of the supervisory activities of the prosecutor's office says: "According to the results of monitoring the Internet (following the results of 2016 - approx. DR[10]) we have initiated blocking access to 39 publications provoking national and religious intolerance on popular social networks Facebook and VKontakte, as well as 25 video hosting channels YouTube, which publish materials that negatively affect the moral and spiritual development of minors. "
In Kazakhstan and earlier, social networks were called one of the popular sources of involvement in extremist organizations, and the agitation of new adherents of non-traditional religious directions in them is massive and is under the constant control of law enforcement agencies of the republic.
Kazakhstan intensifies counter-extremism and terrorism through ICT
In Kazakhstan, deputies of the upper house of parliament adopted amendments to the bill in December 2016, which regulates the tightening of measures to combat terrorism and extremism, including in the ICT sector[11]
The draft law "On amending and supplementing certain legislative acts of the Republic of Kazakhstan on combating extremism and terrorism" was approved by the parliamentarians of Kazakhstan.
The document, according to the deputy chairman of the National Security Committee, Marat Kolkobaev, "is aimed at strengthening criminal and administrative responsibility for extremism and terrorism." So, according to the bill, law enforcement agencies that are engaged in operational-search activities on communication networks will have the opportunity to suspend the operation of communications and networks in the event that actions in them may entail the commission of serious and especially serious crimes. It is planned that the amendments will also affect the creation of a single base of IMEI codes of all devices that function and are imported into Kazakhstan, as well as the introduction of their registration.
See also
- Censorship (control) on the Internet. Experience of Russia
- Censorship (control and anonymity) on the Internet. World experience
- Censorship (control) on the Internet. China Experience
Notes
- ↑ Scheduled Internet and manual disconnections: how to block communication in Kazakhstan
- ↑ Apple, Google, Microsoft, and Mozilla ban Kazakhstan's MitM HTTPS certificate
- ↑ Kazakhstan government is intercepting HTTPS traffic in its capital
- ↑ Kazakhstan halts introduction of internet surveillance system
- ↑ KAZAKHSTAN'S HTTPS INTERCEPTION
- ↑ In Kazakhstan, they will block the Internet to everyone who does not connect state spyware
- ↑ pos = 601; -103 Dossiers on the draft Law of the Republic of Kazakhstan "On Amending and Supplementing Certain Legislative Acts of the Republic of Kazakhstan on Information and Communications" (May 31, 2017
- ↑ an agreement "In Kazakhstan, anonymous comments on the Internet will be prohibited
- ↑ In Kazakhstan, they want to ban anonymous comments on the Web
- ↑ Prosecutor's Office of Kyzylorda region of Kazakhstan in 2016 blocked access to 39 posts on social networks
- ↑ , Kazakhstan is increasing its opposition to extremism and terrorism using ICT.