Kazakhstan Government Filtering Civilian Internet Browsing
North Korea, China, and Iran are three countries that readily come to mind as having governments that heavily censor the Internet. These states filter, at the national level, Internet traffic that they deem inappropriate for their citizens to view. These nations wish to be free from Western influence as much as possible in order to secure their respective cultural heritage and well-being. Kazakhstan, a former member of the USSR, is set to join the list of nations that enforce active Internet filtering starting July 17, 2019.
But unlike North Korea and China, which use a state-level firewall to do the actual filtering, Kazakhstan is set to use a state-issued digital certificate that ISPs are legally compelled to install in their customers’ web browsers as part of the contract. The digital certificate that needs to be installed will overwrite the one that comes with the operating system; this enables the Kazakhstan regime to decrypt the traffic of websites for “telemetry purposes”.
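A certificate chained to a root that the client has installed validates without any browser warning, so interception of this kind only becomes visible when the issuer a site presents is compared with the issuer it presents on an uninspected network. The following is an added example, not part of the original article: it runs that comparison over issuer fields in the dict format returned by Python's ssl.SSLSocket.getpeercert(). All hostnames, CA names and the expected-issuer table are constructed placeholders.

```python
"""Added example: flag TLS certificates issued by an unexpected CA."""

# Expected issuer organizations per host, recorded from a network that is
# not intercepted. Constructed sample values, not real pins.
EXPECTED_ISSUERS = {
    "mail.example.com": {"Example Public CA"},
    "bank.example.net": {"Example Public CA", "Another Public CA"},
}


def issuer_field(cert, field):
    """Return one issuer attribute from a dict shaped like the result of
    ssl.SSLSocket.getpeercert(): a tuple of RDNs, each a tuple of pairs."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == field:
                return value
    return None


def check_issuer(host, cert, expected=EXPECTED_ISSUERS):
    """Classify the issuer seen for host: 'ok', 'unexpected' or 'unknown-host'."""
    allowed = expected.get(host)
    if allowed is None:
        return "unknown-host"
    org = issuer_field(cert, "organizationName")
    return "ok" if org in allowed else "unexpected"


def audit(observations, expected=EXPECTED_ISSUERS):
    """Return (host, issuer CN) for every observation with an unexpected issuer."""
    return [(host, issuer_field(cert, "commonName"))
            for host, cert in observations
            if check_issuer(host, cert, expected) == "unexpected"]


# Constructed observations: the second is what a client would see if a
# locally trusted root re-signed the site's certificate in transit.
SAMPLE = [
    ("mail.example.com", {"issuer": ((("countryName", "US"),),
                                      (("organizationName", "Example Public CA"),),
                                      (("commonName", "Example Public CA R1"),))}),
    ("bank.example.net", {"issuer": ((("organizationName", "Example National Root (constructed)"),),
                                      (("commonName", "Example National Root CA"),))}),
]

if __name__ == "__main__":
    for host, cn in audit(SAMPLE):
        print(f"{host}: certificate issued by unexpected CA {cn!r}")
```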
Anyone in Kazakhstan will be unable to browse the Internet until they yield to the regime’s demand to install the government-issued root certificate. An initial visit to any website, from any browser brand and device, will redirect the user to a webpage providing a step-by-step procedure for installing the root certificate. The exact webpage to which users are redirected depends entirely on their ISP subscription. Beeline customers are redirected to one page, while Kcell subscribers are forwarded to another.
The Ministry of Digital Development, Innovation, and Aerospace of Kazakhstan underscored that anyone who has not installed the root certificate is to be denied Internet access across the country. The Ministry highlighted that this new rule is needed in order to protect individuals, companies and government agencies operating in the country from cybercriminals, online scammers and hackers.
This is the first time that the Kazakhstan government has successfully rolled out its long-term plan to monitor Internet traffic for the whole nation. The last attempt failed to gather support; in fact, the regime even faced lawsuits not only from ISPs but also from private organizations, Kazakhstan’s banking industry, and foreign companies, who argued that such a plan was counterproductive and would only further dilute the already weak Internet defenses of the country.
The Kazakhstan regime even went out of its way in 2015 to ask Mozilla to include its root certificate in the default Firefox root store. Mozilla immediately denied the request, citing that certificates can only be used by the organization that owns the domain: “Completing a successful BR audit would mean that the auditor ensured the CA meets the requirements for validating that the certificate subscriber owns/controls the domain name(s) to be included in the certificate,” said Mozilla on its official bug tracking site.
Major browser vendors have not yet issued official statements on how they will react to the Kazakhstan-issued root certificate. This needs to be resolved soon, as the Kazakhstan government may not allow anyone to visit Kazakhstan sites without installing the root certificate. This would have huge ramifications for the whole Internet as outside users try to visit Kazakhstan websites.
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance, Offensive technologies, etc. Currently, he is a freelance writer on the latest security news and other happenings. He has authored numerous articles and exploits, which can be found on popular sites like hackercombat.com and others.