IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Kazakh government will intercept the nation’s HTTPS traffic

The latest authoritarian attempt to regulate web usage involves launching MitM attacks against every citizen

Internet service providers (ISPs) based in Kazakhstan are being instructed to force their users to install government-issued root certificates on their devices to allow agencies to intercept web traffic.

The increasingly-widespread Hyper Text Transfer Protocol Secure (HTTPS) refers to the transmission of data, ordinarily channelled via HTTP, sent instead over an encrypted connection. It's said to raise the level of security and privacy for web users.

The Kazakh government, however, has taken concrete steps towards bypassing this added layer of protection by launching an encryption-busting Qaznet Trust Certificate in the nation's capital Nur-Sultan, according to local media. This is more commonly known in security circles as a man in the middle (MiTM) attack.

When users install the certificate, government agencies are allowed to decrypt the HTTPS internet traffic, examine its contents, and re-encrypt the information with the certificate once more before it's sent to its destination.

The measures may undermine user privacy, with agencies now able to assess the websites a user visits, but the government has justified this by citing security concerns. One advantage, the vice-minister for digital development Ablaykhan Ospanov has claimed, is that it blocks users from visiting known phishing sites.

One Kazakh-based provider, Kcell JSC, has also published an advisory page explaining how users can install the root certificate onto their devices, blocking internet access to devices that haven't implemented the tool.

"The security certificate will help protect the information systems and data, as well as to detect hacker and cyber-attacks of the Internet fraudsters on the country's information space, private and banking sector before they can cause damage," the advisory said.

"The security certificate is a set of digital characters used to transfer traffic that contains protocols supporting encryption. Thus, it will allow local Internet users to be protected from hacker attacks and viewing illegal content."

The move was first attempted in 2015 but ended in failure after a host of organisations took legal action against the Kazakh administration.

In light of these developments, web developers have rekindled an old thread on Google Groups in which they're discussing Kazakhstan's measures and how to protect users from such "attacks".

The advent of the internet has been a thorn in the side of authoritarian regimes due to its inherently open nature. Governments of all stripes from across the world have attempted to control its citizens' use of the web in one flavour or another throughout recent history.

The Russian government, for example, has suggested taking the extreme step of building its own iteration of the world wide web. President Vladimir Putin rolled out plans in February to build its own self-sufficient segments to avoid foreign interference, according to Reuters.

China has held longstanding ambitions to build its own search engine with Google roped into a controversial programme known as 'Project Dragonfly'. The project, which was recently shelved, aimed to build its version of the world-famous engine designed to work within the strict parameters of censorship law.

Even the UK's Conservative government has faced criticism from privacy campaigners for its plans to order ISPs to implement automatic content blocking for certain websites.

Under the government's proposals, providers will task the British Board of Film Classification (BBFC) with implementing age checks on websites of which more than a third of the content is deemed 'pornographic'.

Although these plans were announced more than five years ago, they have failed to materialise and suffered several delays due to continued legal and technical concerns.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022