MITM on HTTPS traffic in Kazakhstan

in General Write a comment

Since today, all the citizens in the Republic of Kazakhstan are asked by the internet providers to install a government-issued certificate (Qaznet Trust Certificate) on all the devices.

This was first announced in 2015 by the national telecom monopolist and was actively discussed on HackerNews.

Below are the screenshots of the 3 most popular internet providers. They all have links to the manual pages (how to install that certificate) on their homepages.

Proof

KCELL

Beeline

TELE2

What will happen if you install it

When you install this root certificate on your device, your once secured HTTPS traffic will no longer be so. It can be decrypted by the man-in-the-middle attack (MITM), which is the government.


Hi, I'm Renat 👋

 


MITM is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other. [Wikipedia]

That means if you install a root certificate on your device, attacker (or the government in this case) will be able to intercept your traffic.

Why are they going that

Their answer: “Due to the increase of identity and personal data theft, including stealing money from bank accounts, introduced a security certificate as an effective tool to protect the country’s information space from hackers, online fraudsters and other types of cyber threats.”

Why are they really doing that

  • To spy on the citizens.

There is no freedom of speech in Kazakhstan. Kazakh authorities blocking news sites, social media apps, including Whatsapp, Facebook, Instagram and YouTube almost daily at the exact time when the government opposition is having a live stream.

What can we do

  1. Raise global awareness. To reach Google, Mozilla, Microsoft, Apple, banks and all the other popular platforms and social media apps and ask them to ban connections with the government-issued certificate. This will immediately block their services and will raise global awareness.
  2. Meanwhile, do not install it. It’s most likely that nothing will happen if you do not install this root certificate.

Cheers,
Renat Galyamov

Want to share this with your friends?
👉renatello.com/mitm-in-kazakhstan

A collection of UI components for
Bootstrap 4/5 and Vue.js

Get now

Write a Comment

Comment