From 48c54128df7183a3794de61d4805d0a5e41c2719 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Wed, 16 Oct 2024 00:40:00 +0200 Subject: [PATCH] Update the TLS MiTM sectiom based on input from dcf (#1615) * Update the TLS MiTM sectiom based on input from dcf * Add more certificate links and note about the root CA issuance times * Minor edits to TLS MITM section * Minor edit to KZ report * Integrate text shared by IFKZ * Update Key Findings * Edit Conclusion --------- Co-authored-by: Maria Xynou --- content/post/2024-kazakhstan-report/index.md | 214 +++++++++++-------- 1 file changed, 121 insertions(+), 93 deletions(-) diff --git a/content/post/2024-kazakhstan-report/index.md b/content/post/2024-kazakhstan-report/index.md index 84d30eac..02121bad 100644 --- a/content/post/2024-kazakhstan-report/index.md +++ b/content/post/2024-kazakhstan-report/index.md @@ -16,7 +16,7 @@ In this report, we share OONI censorship measurement findings and relevant legal ## **Key Findings** Our analysis of [OONI data](https://explorer.ooni.org/chart/mat?test_name=web_connectivity&axis_x=measurement_start_day&since=2023-06-01&until=2024-06-01&time_grain=day&probe_cc=KZ) collected from Kazakhstan over the past year (between 1st June 2023 to 1st June 2024) reveals the following: -* **TLS Man-In-The-Middle (MITM) attacks.** We [documented the use of the latest government-mandated root certificate authority (CA)](https://explorer.ooni.org/m/20210808015758.022737_KZ_webconnectivity_3b9213f9ee4f2d06) – and its use to emit 6 distinct intermediate certificates – that were used to carry out TLS man-in-the-middle (MITM) attacks, targeting at least 14 distinct domain names on at least 19 different networks in Kazakhstan. +* **TLS Man-In-The-Middle (MITM) attacks.** In [OONI data](https://explorer.ooni.org/m/20210808015758.022737_KZ_webconnectivity_3b9213f9ee4f2d06) collected from Kazakhstan between 2021 to 2024, we found 7 distinct intermediate certificates signed by 4 distinct root CAs being used to carry out TLS man-in-the-middle (MITM) attacks, targeting at least 14 distinct domain names on at least 19 different networks in Kazakhstan. * **Blocking of at least 17 news media websites.** [OONI data](https://explorer.ooni.org/search?probe_cc=KZ&test_name=web_connectivity&since=2023-06-01&until=2024-06-01&failure=false&category_code=NEWS&only=anomalies) shows the blocking of: * Many **Russian** news media websites (such as the [Russian TV Channel Tsargrad](https://explorer.ooni.org/chart/mat?probe_cc=KZ&since=2023-06-01&until=2024-06-01&time_grain=day&axis_x=measurement_start_day&test_name=web_connectivity&domain=kz.tsargrad.tv), [Sputnik and Pogrom](https://explorer.ooni.org/chart/mat?probe_cc=KZ&since=2023-06-01&until=2024-06-01&time_grain=day&axis_x=measurement_start_day&test_name=web_connectivity&domain=sputnikipogrom.com), the [360 Russian satellite TV channel](https://explorer.ooni.org/chart/mat?probe_cc=KZ&since=2023-06-01&until=2024-06-01&time_grain=day&axis_x=measurement_start_day&test_name=web_connectivity&domain=360tv.ru), and the [Ferghana Information Agency](https://explorer.ooni.org/chart/mat?probe_cc=KZ&since=2023-06-01&until=2024-06-01&time_grain=day&axis_x=measurement_start_day&test_name=web_connectivity&domain=fergana.media)); * A few **Kyrgyz** news media websites ([Kloop](https://explorer.ooni.org/chart/mat?probe_cc=KZ&since=2023-06-01&until=2024-06-01&time_grain=day&axis_x=measurement_start_day&test_name=web_connectivity&domain=kloop.kg) and [Centralasia.media](https://explorer.ooni.org/chart/mat?probe_cc=KZ&since=2023-06-01&until=2024-06-01&time_grain=day&axis_x=measurement_start_day&test_name=web_connectivity&domain=centralasia.media)); @@ -423,157 +423,157 @@ The above charts suggest that internet users in Kazakhstan might be able to circ **Chart:** OONI Probe testing of `www.torproject.org` and `psiphon.ca` on multiple networks in Kazakhstan between 1st June 2023 to 1st June 2024 (source: [OONI data](https://explorer.ooni.org/chart/mat?probe_cc=KZ&since=2023-06-01&until=2024-06-01&time_grain=day&axis_x=measurement_start_day&axis_y=domain&test_name=web_connectivity&domain=www.torproject.org%2Cpsiphon.ca)). -### **TLS Man-In-The-Middle (MITM) attacks** +### **TLS Man-In-The-Middle (MITM) attacks** -As part of our analysis, we found [evidence in OONI data](https://explorer.ooni.org/m/20210914080702.850310_KZ_webconnectivity_88ece394d9a0fcdc) that Kazakhstan’s government mandated root certificate authority was being used to implement TLS man-in-the-middle (MITM) attacks targeting a set of domains. +Normally most web traffic is made secure using TLS, which is a technology that ensures your connection to a particular server is encrypted. When a government deploys a TLS man-in-the-middle (MITM) attack, they are able to not only block access to the service, but to also break the encryption. This allows them to gain access to the content of the communication of the user to the site or service, bypassing the layer of encryption. This will only work if a user has installed on their computer the government mandated root certificate authority, which is what browsers use to verify if the certificate presented by the server is issued by a known trusted authority. -Specifically, OONI data from Kazakhstan shows that the following domains were targeted by TLS MITM attacks: +According to [Internet Freedom Kazakhstan](https://ifkz.org/), a security certificate with MITM technology was proposed for implementation in Kazakhstan in 2016, and the relevant amendments to the Law "On Communications" were adopted. In December 2020, during the cyber exercises "[Information Security Nur-Sultan-2020](https://www.gov.kz/memleket/entities/mdai/press/news/details/132113)", users in Kazakhstan were sent SMS messages with information about installing a security certificate to maintain access to foreign internet resources. -``` +Ramil Bektemirov, a representative of JSC State Technical Service, at a briefing on the exercises held in Astana in 2020, [answered](https://drfl.kz/ru/anonymity-in-kazakhstan/) a question about the use of MITM technology in a security certificate: *“The [MITM] technology is indeed used in the solution. This technology is used not only by us, but also by leading manufacturers of network protection equipment. They include functionality in this solution in order to inspect traffic. We understand that now 70% of our traffic is encrypted. And in order to inspect it, to see prohibited content that will need to be blocked, without this technology it is impossible”*. -360tv.ru +Kazakhstan has been known to use at least 4 different root CAs, which we summarize in the following table: -astrakhan.sm.news +| Common Name | Not Valid Before | Not Valid After | Links | +| ----------------------------------------------- | ------------------------ | ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| НЕГІЗГІ КУӘЛАНДЫРУШЫ ОРТАЛЫҚ | Jul 27 04:47:00 2015 GMT | Jul 27 04:47:00 2020 GMT | [mozilla.dev.security.policy thread](https://groups.google.com/g/mozilla.dev.security.policy/c/wnuKAhACo3E) • [mozilla bug](https://bugzilla.mozilla.org/show_bug.cgi?id=1229827) | +| Qaznet Trust Network | Feb 2 05:41:00 2016 GMT | Feb 2 05:41:00 2046 GMT | [net4people bbs thread](https://github.com/net4people/bbs/issues/6) • [censoredplanet report](https://censoredplanet.org/kazakhstan) • [archive.org cert](https://archive.org/details/qazca-ca-certificate) • [mozilla bug](https://bugzilla.mozilla.org/show_bug.cgi?id=1567114) • [mozilla blog post](https://blog.mozilla.org/security/2019/08/21/protecting-our-users-in-kazakhstan/) | +| Information Security Certification Authority CA | Feb 28 04:08:03 2020 GMT | Feb 28 04:08:03 2040 GMT | [net4people bbs thread](https://github.com/net4people/bbs/issues/56) • [censoredplanet post](https://censoredplanet.org/kazakhstan/live) • [archive.org cert](https://archive.org/details/isca-ca-certificate) • [mozilla bug](https://bugzilla.mozilla.org/show_bug.cgi?id=1680927) • [mozilla blog post](https://blog.mozilla.org/netpolicy/2020/12/18/kazakhstan-root-2020/) | +| Information Security Certification Authority | Feb 28 06:16:40 2020 GMT | Feb 28 06:16:40 2050 GMT | [net4people bbs thread](https://github.com/net4people/bbs/issues/339) • [ntc.party thread](https://ntc.party/t/https-mitm-in-kazakhstan-starting-2024-02-07/7405) • [crt.sh cert #1](https://crt.sh/?d=11106964945)•[crt.sh cert #2](https://crt.sh/?d=4739909320)•[crt.sh cert #3](https://crt.sh/?d=14682080594)•[crt.sh cert #4](https://crt.sh/?d=12281942153) • [mozilla bug](https://bugzilla.mozilla.org/show_bug.cgi?id=1864724) | -compromat.ru +As part of our analysis, we found [evidence in OONI data](https://explorer.ooni.org/m/20210914080702.850310_KZ_webconnectivity_88ece394d9a0fcdc) that Kazakhstan’s government mandated root certificate authority was being used to implement TLS man-in-the-middle (MITM) attacks targeting a set of domains. -cont.ws +Specifically, OONI data from Kazakhstan shows that the following 14 domains were targeted by TLS MITM attacks: +``` +360tv.ru +astrakhan.sm.news +compromat.ru +cont.ws knews.kg - kz.tsargrad.tv - regnum.ru - rutracker.org - sproot.it - stanradar.com - ukraina.ru - www.for.kg - www.pinterest.com - xakep.ru - ``` -We are able to conclude that this is indeed a TLS MITM and not just DNS tampering leading to a page which contains an invalid certificate, since we were able to establish that the IP returned as part of DNS resolution is DNS consistent (in comparison to the IP returned from control measurements) . +We are able to conclude that this is indeed a TLS MITM and not just DNS tampering leading to a page which contains an invalid certificate, since we were able to establish that the IP returned as part of DNS resolution is DNS consistent (in comparison to the IP returned from control measurements). In previous years, TLS MITM attacks in Kazakhstan were reported in [news outlets](https://www.zdnet.com/article/kazakhstan-government-is-intercepting-https-traffic-in-its-capital/) and at the time, Mozilla took actions to explicitly [block that particular root CA](https://blog.mozilla.org/netpolicy/2020/12/18/kazakhstan-root-2020/) from working in their browser. -However, it’s worth noting that we found a **different and new root CA** than that which was [previously reported by Censored Planet in 2019](https://censoredplanet.org/assets/Kazakhstan.pdf) and which, at the time, was [added to the OneCRL list for revoking untrusted root CAs](https://bugzilla.mozilla.org/show_bug.cgi?id=1680927). +At least [7 more root CAs with common name Information Security Certification Authority](https://crt.sh/?q=Information+Security+Certification+Authority) exist: -The specific intermediate certificate that we found to be signed by the [latest root certificate](https://isca.gov.kz/) has as common name “Information Security Certification Authority” and has an issuance date of 28 February 2020 and expiry date of 28 February 2050. +* https://crt.sh/?id=4833570779 +* https://crt.sh/?id=4739909320 +* https://crt.sh/?id=4633597326 +* https://crt.sh/?id=3967758934 +* https://crt.sh/?id=12281942153 +* https://crt.sh/?id=11106964945 +* https://crt.sh/?id=14682080594 -This root certificate is actually slightly different from the one reported by news outlets and linked in the previous Mozilla issue tracker, but has also since been added to the [Firefox OneCRL](https://bugzilla.mozilla.org/show_bug.cgi?id=1680927) to make it ineffective in all Firefox browsers. +In order to identify which was used to sign the intermediates seen in OONI +measurements we ran [this script](https://gist.github.com/hellais/f2f95cf4b397fe6cb9fec7f966668a8e). -Based on OONI data, we were able to confirm that this root CA was being used to sign intermediate certificates that were then being used to **carry out MITM attacks targeting users in Kazakhstan on at least 19 different networks and at least 14 distinct domain names**. +In OONI data collected from Kazakhstan between 2021 to 2024, we found **7 distinct intermediate certificates** signed by **4 distinct root CAs** being used to carry out the TLS MITM. Each of these certificates has a relatively short duration period of validity of 75 days. This means that in order for the certificate chain to continue functioning properly, they would have to re-emit a new intermediate from their root CA at least every 74 days. -Specifically, we found evidence of a TLS MITM on the following networks: +The root CAs we found used to sign intermediates in OONI data -- while different from that [previously reported by Censored Planet in 2019](https://censoredplanet.org/assets/Kazakhstan.pdf) and which, at the time, was [added to the OneCRL list for revoking untrusted root CAs](https://bugzilla.mozilla.org/show_bug.cgi?id=1567114) -- are also present in the OneCRL list for Mozilla. The fact that they are part of the [OneCRL for Mozilla](https://crt.sh/mozilla-onecrl) means that their use is ineffective when accessed from a Firefox browser. -* Uplink LLC (AS8200) -* TimeWeb Ltd. (AS9123) -* JSC Kazakhtelecom (AS9198) -* “Mobile Business Solution" MBS LLP (AS15736) -* Kar-Tel LLC (AS21299) -* Kcell JSC (AS29355) -* Mobile Telecom-Service LLP (AS29555) -* Jusan Mobile JSC (AS35104) -* JSC Alma Telecommunications (AS39824) -* BTcom Infocommunications Ltd. (AS41124) -* JSC Transtelecom (AS41798) -* OBIT-telecommunications, LLC (AS43370) -* SMARTNET TOO (AS43994) -* STARK INDUSTRIES SOLUTIONS LTD (AS44477) -* ForteBank JSC. (AS48502) -* Mobile Telecom-Service LLP (AS48503) -* PS Internet Company LLP (AS48716) -* JSC Kazakhtelecom (AS50482) -* Kar-Tel LLC (AS206026) - -The fact that so many distinct ISPs are implementing the MITM using the same certificate seems to suggest a high level of coordination amongst distinct providers and a fairly high level of compliance. - -In OONI data collected from Kazakhstan between 2023 to 2024, we found **6 distinct intermediate certificates** being used to carry out the TLS MITM. Each of these certificates has a relatively short duration period of validity of 75 days. This means that in order for the certificate chain to continue functioning properly, they would have to re-emit a new intermediate from their root CA at least every 74 days. - -The specific intermediates we found in our data are the following: - -[https://explorer.ooni.org/m/20210808015758.022737_KZ_webconnectivity_3b9213f9ee4f2d06](https://explorer.ooni.org/m/20210808015758.022737_KZ_webconnectivity_3b9213f9ee4f2d06) +The following list summarizes the intermediates seen in OONI measurements and the relevant root CA used to sign them: +[OONI measurement](https://explorer.ooni.org/m/20210808015758.022737_KZ_webconnectivity_3b9213f9ee4f2d06) ``` Fingerprint: c0e15a945595372030f0d45938ebb6081bb39fb5 - Serial: 542829070264121061358597976201233251364726286334 - Not valid before: 2021-06-18 12:54:34 - Not valid after: 2021-09-01 12:54:34 +Issuer: C=KZ,O=ISCA,CN=Information Security Certification Authority +Root CA Cert: https://crt.sh/?d=4739909320 +Root CA Fingerprint: fabda72fa1f620c160420a496194b61f82a01b4a +Root CA Serial: 212762436239719553268722926518842178639864163027 +Root CA Not valid before: 2020-02-28 06:46:02 +Root CA Not valid after: 2040-02-28 06:46:02 ``` -[https://explorer.ooni.org/m/20210914080702.850310_KZ_webconnectivity_88ece394d9a0fcdc](https://explorer.ooni.org/m/20210914080702.850310_KZ_webconnectivity_88ece394d9a0fcdc) - +[OONI measurement](https://explorer.ooni.org/m/20210914080702.850310_KZ_webconnectivity_88ece394d9a0fcdc) ``` Fingerprint: 90f9aa29195ecbfbf2c943ab1d5102f3ec84a68c - Serial: 600636309019776433832878055409971857043873967144 - Not valid before: 2021-08-19 12:39:14 - Not valid after: 2021-11-02 12:39:14 +Issuer: C=KZ,O=ISCA,CN=Information Security Certification Authority +Root CA Unknown ``` - -[https://explorer.ooni.org/m/20231016130600.035487_KZ_webconnectivity_4a5c38a0f8bea740](https://explorer.ooni.org/m/20231016130600.035487_KZ_webconnectivity_4a5c38a0f8bea740) - +[OONI measurement](https://explorer.ooni.org/m/20231016130600.035487_KZ_webconnectivity_4a5c38a0f8bea740) ``` Fingerprint: 8634ecaefb5d02463d2a9ce42178001154752561 - Serial: 293697198316360729812453916520636458008892047728 - Not valid before: 2023-08-09 06:33:35 - Not valid after: 2023-10-23 06:33:35 +Issuer: C=KZ,O=ISCA,CN=Information Security Certification Authority +Root CA Cert: https://crt.sh/?d=11106964945 +Root CA Fingerprint: ea5d093c312e1a516937e153c06c2d82127b47d6 +Root CA Serial: 394571478723635638549382697435194886177070445336 +Root CA Not valid before: 2020-02-28 05:39:51 +Root CA Not valid after: 2050-02-28 05:39:51 ``` - -[https://explorer.ooni.org/m/20240317052821.044604_KZ_webconnectivity_3752cbf5dac624e9](https://explorer.ooni.org/m/20240317052821.044604_KZ_webconnectivity_3752cbf5dac624e9) - -``` -Fingerprint: dfcd9dcb64edd86e333ad6247e2deda7dcf10ebd - -Serial: 621829445753241691614495298860851878603068917060 - -Not valid before: 2023-11-28 11:24:53 - -Not valid after: 2024-02-11 11:24:53 -``` - -[https://explorer.ooni.org/m/20231118140134.149173_KZ_webconnectivity_a93dfc958ab79ec2](https://explorer.ooni.org/m/20231118140134.149173_KZ_webconnectivity_a93dfc958ab79ec2) - +[OONI measurement](https://explorer.ooni.org/m/20231118140134.149173_KZ_webconnectivity_a93dfc958ab79ec2) ``` Fingerprint: cb074692a22395fa615a89a86d877c9abc034867 - Serial: 203432698505598047390349427507107109607746033885 - Not valid before: 2023-11-02 09:03:07 - Not valid after: 2024-01-16 09:03:07 +Issuer: C=KZ,O=ISCA,CN=Information Security Certification Authority +Root CA Cert: https://crt.sh/?d=11106964945 +Root CA Fingerprint: ea5d093c312e1a516937e153c06c2d82127b47d6 +Root CA Serial: 394571478723635638549382697435194886177070445336 +Root CA Not valid before: 2020-02-28 05:39:51 +Root CA Not valid after: 2050-02-28 05:39:51 ``` - -[https://explorer.ooni.org/m/20240418133819.497733_KZ_webconnectivity_bd3a0d69cd5e8aca](https://explorer.ooni.org/m/20240418133819.497733_KZ_webconnectivity_bd3a0d69cd5e8aca) - +[OONI measurement](https://explorer.ooni.org/m/20240317052821.044604_KZ_webconnectivity_3752cbf5dac624e9) +``` +Fingerprint: dfcd9dcb64edd86e333ad6247e2deda7dcf10ebd +Serial: 621829445753241691614495298860851878603068917060 +Not valid before: 2023-11-28 11:24:53 +Not valid after: 2024-02-11 11:24:53 +Issuer: C=KZ,O=ISCA,CN=Information Security Certification Authority +Root CA Cert: https://crt.sh/?d=12281942153 +Root CA Fingerprint: 1375ebdcf56359aae0423e861ac8fc6231511ce6 +Root CA Serial: 285540385527369649610289916863209926796774245522 +Root CA Not valid before: 2020-02-28 06:16:40 +Root CA Not valid after: 2050-02-28 06:16:40 +``` +[OONI measurement](https://explorer.ooni.org/m/20240418133819.497733_KZ_webconnectivity_bd3a0d69cd5e8aca) ``` Fingerprint: 5d54c6afa4fd4685359875595565ae9f8caab914 - Serial: 499633659418679795571951434192241531137344178316 - Not valid before: 2024-03-20 05:50:15 - Not valid after: 2024-06-03 05:50:15 +Issuer: C=KZ,O=ISCA,CN=Information Security Certification Authority +Root CA Unknown +``` +[OONI measurement](https://explorer.ooni.org/m/20240901151413.637888_KZ_webconnectivity_c351db70f739197a) +``` +Fingerprint: 76e9f2a52c149586be8f389d8a71ac41d3f423d1 +Serial: 414124517712191942334357388114692622770498879745 +Not valid before: 2024-08-23 10:46:59 +Not valid after: 2024-11-06 10:46:59 +Issuer: C=KZ,O=ISCA,CN=Information Security Certification Authority +Root CA Cert: https://crt.sh/?d=14682080594 +Root CA Fingerprint: bfd7f531eca8e3d65b4738167b160b7a95a8d894 +Root CA Serial: 618155106210402083740770170610017403616935751280 +Root CA Not valid before: 2020-02-28 07:04:41 +Root CA Not valid after: 2050-02-28 07:04:41 ``` -What’s quite surprising from the above time ranges is that it’s quite apparent that there is a gap in between the renewal of the certificates. Based on OONI data, we were able to confirm that even if internet users in Kazakhstan were to have installed the root certificate, as directed by the government, they would still have received certificate validation errors between 2nd November 2011 and 9th August 2023. Shorter windows of invalidity for the certificate can be observed between 23rd October 2023 and 28th November 2023, and then between 11th February 2024 and 20th March 2024. +While these are all technically different root CAs, we are considering them all part of the same incident in the table at the beginning of this section labeled as "Information Security Certification Authority" since they all share the same common name. + +The root CAs seem to all share a very close issuance time, which seems to suggest that they may have all been generated in batch at some point in time to then rotate them over time as they get included inside of CRL lists. + +Regarding the validity times of the intermediate certificates, it’s quite apparent that there is a gap in between the renewal of the certificates. Based on OONI data, we were able to confirm that even if internet users in Kazakhstan were to have installed the root certificate, as directed by the government, they would still have received certificate validation errors between 2nd November 2011 and 9th August 2023. Shorter windows of invalidity for the certificate can be observed between 23rd October 2023 and 28th November 2023, and then between 11th February 2024 and 20th March 2024. What can be seen from the chart below is that these intermediate certificates were spotted in the wild and **being used to perform MITM even during periods of certificate invalidity**. @@ -583,6 +583,32 @@ This suggests that if users were to attempt to visit the sites affected by the M It’s unclear to us why they went through the hassle of telling users to install the root CA, but then failed to keep the intermediates up to date in order to effectively carry out a MITM attack, even when users were fully compliant with government orders. We can only speculate that this is either due to some misconfiguration in the periodic renewal task (although for the first certificate we see the time window of invalidity is almost 2 years), or that for 3 times they forgot to renew their certificates on time. +Based on OONI data, we were able to confirm that this root CA was being used to sign intermediate certificates that were then being used to **carry out MITM attacks targeting users in Kazakhstan on at least 19 different networks and at least 14 distinct domain names**. + +Specifically, we found evidence of a TLS MITM on the following 19 networks: + +* Uplink LLC (AS8200) +* TimeWeb Ltd. (AS9123) +* JSC Kazakhtelecom (AS9198) +* “Mobile Business Solution" MBS LLP (AS15736) +* Kar-Tel LLC (AS21299) +* Kcell JSC (AS29355) +* Mobile Telecom-Service LLP (AS29555) +* Jusan Mobile JSC (AS35104) +* JSC Alma Telecommunications (AS39824) +* BTcom Infocommunications Ltd. (AS41124) +* JSC Transtelecom (AS41798) +* OBIT-telecommunications, LLC (AS43370) +* SMARTNET TOO (AS43994) +* STARK INDUSTRIES SOLUTIONS LTD (AS44477) +* ForteBank JSC. (AS48502) +* Mobile Telecom-Service LLP (AS48503) +* PS Internet Company LLP (AS48716) +* JSC Kazakhtelecom (AS50482) +* Kar-Tel LLC (AS206026) + +The fact that so many distinct ISPs are implementing the MITM using the same certificate seems to suggest a high level of coordination amongst distinct providers and a fairly high level of compliance. + ## **Legal environment** Absolute freedom of expression is not allowed in Kazakhstan. However, Article 5 of the [Constitution of the Republic of Kazakhstan](https://online.zakon.kz/Document/?doc_id=1005029) proclaims that: ‘Ideological and political diversity shall be recognised in the Republic of Kazakhstan’. At the same time, the exercise of human and civil rights and freedoms must not violate the rights and freedoms of other persons, or infringe on the constitutional order and public morality. Propaganda or agitation for a violent change in the constitutional order, violation of the integrity of the Republic, undermining the security of the state, war, social, racial, national, religious, class and tribal superiority, as well as the cult of cruelty and violence are not allowed (Articles 12, 20 of the Constitution of the Republic of Kazakhstan). @@ -1068,10 +1094,12 @@ Circumventing internet censorship in Kazakhstan can potentially be challenging, The results of our analysis show that most ISPs in Kazakhstan appear to implement blocks by means of **TLS interference**, specifically by [timing out the session after the Client Hello message during the TLS handshake](https://explorer.ooni.org/m/20240514233718.029308_KZ_webconnectivity_007c5a9f4031213d). This suggests the potential use of Deep Packet Inspection (DPI) technology to detect (and block access to) hostnames (likely included in some blocklist) that are specified in the (unencrypted) Client Hello message of TLS handshakes. As the timing of the blocks and the types of URLs blocked are (mostly) consistent across networks, ISPs in Kazakhstan likely implement blocks in a coordinated manner (based on government orders). -Notably, we [documented the use of the latest government-mandated root certificate authority (CA)](https://explorer.ooni.org/m/20210808015758.022737_KZ_webconnectivity_3b9213f9ee4f2d06) – and its use to emit 6 distinct intermediate certificates – that were used to carry out **TLS man-in-the-middle (MITM) attacks, targeting at least 14 distinct domain names on at least 19 different networks in Kazakhstan**. We found that these intermediate certificates were even being used to perform MITM attacks during periods of certificate invalidity. This raises concerns because such practices weaken the online privacy and security of internet users in Kazakhstan. +Notably, through [OONI data](https://explorer.ooni.org/m/20210808015758.022737_KZ_webconnectivity_3b9213f9ee4f2d06) collected from Kazakhstan between 2021 to 2024, we found **7 distinct intermediate certificates signed by 4 distinct root CAs being used to carry out TLS man-in-the-middle (MITM) attacks, targeting at least 14 distinct domain names on at least 19 different networks in Kazakhstan**. We found that these intermediate certificates were even being used to perform MITM attacks during periods of certificate invalidity. This raises concerns because such practices weaken the online privacy and security of internet users in Kazakhstan. We found the latest government root CA and many TLS MITM attacks on at least 19 networks by only analyzing OONI data collected from Kazakhstan between June 2023 to June 2024. As OONI data from Kazakhstan [spans from 2017](https://explorer.ooni.org/chart/mat?probe_cc=KZ&since=2017-01-02&until=2017-12-02&time_grain=day&axis_x=measurement_start_day&test_name=web_connectivity) to date, with [new measurements published every day](https://explorer.ooni.org/chart/mat?probe_cc=KZ&since=2024-07-02&until=2024-08-02&time_grain=day&axis_x=measurement_start_day&test_name=web_connectivity), we encourage researchers to analyze [OONI data](https://ooni.org/data/) to investigate the scale of TLS MITM attacks in Kazakhstan further. ### **Acknowledgements** -We thank [OONI Probe](https://ooni.org/install/) users in Kazakhstan for contributing measurements, supporting this study. +We thank [OONI Probe](https://ooni.org/install/) users in Kazakhstan for contributing measurements, supporting this study. + +We also thank David Fifield for sharing input that informed the update of the TLS MITM section of this report (updated on 15th October 2024).