Kazakhstan tries again to torpedo safe connections

The Kazakh regime is currently forcing Internet users in the capital Nur-Sultan to install an insecure certificate in their browser. If you don’t do this, you can no longer access foreign websites such as Google, Twitter, Facebook, YouTube or Netflix. Officially it is a “cybersecurity exercise”. In fact, the certificate is used to switch off the usual security through HTTPS connections.

That reports ZDNet. The certificate allows the authorities not only to inspect all connections, but also to manipulate them. The regime can change or suppress information or inject false information that has a genuine effect.

Regime does not give up

It is the third attempt by the Kazakh government to monitor encrypted Internet traffic. In 2015 and again in 2019, the government tried to have its own root certification facility (root CA) approved by Mozilla. Mozilla-based browsers such as Firefox would have falsely marked certificates issued by Kazakhstan as trustworthy and opened the door to man-in-the-middle attacks.

Mozilla has denied these requests. As is currently the case, the government of Kazakhstan tried last year to force end users to manually install the interception certificate. The browser manufacturers put the certificate on their black lists. Kazakhstan is considered one of the countries with the most common DNA manipulations.

(ds)