Kazakhstan Man-in-the-middle Attack
   HOME

TheInfoList



Click Here for Items Related To - Kazakhstan Man-in-the-middle Attack
OR:
Kazakhstan Man-in-the-middle Attack on:   [Wikipedia]   [Google]   [Amazon]

In 2015, the
government of Kazakhstan The Government of the Republic of Kazakhstan ( kk, Қазақстан Республикасының Үкіметі, tr, ''Qazaqstan Respublikasynyñ Ükımetı'') oversees a presidential republic. The President of Kazakhstan, currently Kassym- ...
created a
root certificate In cryptography and computer security, a root certificate is a public key certificate that identifies a root certificate authority (CA). Root certificates are self-signed (and it is possible for a certificate to have multiple trust paths, say if ...
which could have enabled a
man-in-the-middle attack In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle, meddler-in-the-middle, manipulator-in-the-middle (MITM), person-in-the-middle (PITM) or adversary-in-the-middle (AiTM) ...
on
HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is e ...
traffic from Internet users in
Kazakhstan Kazakhstan, officially the Republic of Kazakhstan, is a transcontinental country located mainly in Central Asia and partly in Eastern Europe. It borders Russia Russia (, , ), or the Russian Federation, is a transcontinental coun ...
. The government described it as a "national security certificate". If installed on users' devices, the certificate would have allowed the Kazakh government to intercept, decrypt, and re-encrypt any traffic passing through systems it controlled. In July 2019, Kazakh ISPs started messaging their users that the certificate, now called the Qaznet Trust Certificate, issued by the state
certificate authority In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. Th ...
the Qaznet Trust Network, would now have to be installed by all users. Sites operated by
Google Google LLC () is an American Multinational corporation, multinational technology company focusing on Search Engine, search engine technology, online advertising, cloud computing, software, computer software, quantum computing, e-commerce, ar ...
,
Facebook Facebook is an online social media and social networking service owned by American company Meta Platforms. Founded in 2004 by Mark Zuckerberg with fellow Harvard College students and roommates Eduardo Saverin, Andrew McCollum, Dustin ...
and
Twitter Twitter is an online social media and social networking service owned and operated by American company Twitter, Inc., on which users post and interact with 280-character-long messages known as "tweets". Registered users can post, like, and ...
appeared to be among the Kazakh government's initial targets. On August 21, 2019,
Mozilla Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape. The Mozilla community uses, develops, spreads and supports Mozilla products, thereby promoting exclusively free software and open standards, w ...
and
Google Google LLC () is an American Multinational corporation, multinational technology company focusing on Search Engine, search engine technology, online advertising, cloud computing, software, computer software, quantum computing, e-commerce, ar ...
simultaneously announced that their
Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current and ...
and
Chrome Chrome may refer to: Materials * Chrome plating, a process of surfacing with chromium * Chrome alum, a chemical used in mordanting and photographic film Computing * Google Chrome, a web browser developed by Google ** ChromeOS, a Google Chrome- ...
web browsers would not accept the government-issued certificate, even if installed manually by users.
Apple An apple is an edible fruit produced by an apple tree (''Malus domestica''). Apple trees are cultivated worldwide and are the most widely grown species in the genus '' Malus''. The tree originated in Central Asia, where its wild ances ...
also announced that they would make similar changes to their
Safari A safari (; ) is an overland journey to observe wild animals, especially in eastern or southern Africa. The so-called "Big Five" game animals of Africa – lion, leopard, rhinoceros, elephant, and Cape buffalo – particularly form an importa ...
browser. ,
Microsoft Microsoft Corporation is an American multinational corporation, multinational technology company, technology corporation producing Software, computer software, consumer electronics, personal computers, and related services headquartered at th ...
has so far not made any changes to its browsers, but reiterated that the government-issued certificate was not in the
trusted root store In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a public key. The certificate includes information about the key, information about the ...
of any of its browsers, and would not have any effect unless a user manually installed it. In December 2020, the Kazakh government attempted to re-introduce the government-issued root certificate for a third time. In response to this, browser vendors again announced that they would block any such attempt by invalidating the certificate in their browsers.


References

Computer surveillance Internet in Kazakhstan Mass surveillance Transport Layer Security {{SSL/TLS