The major browser makers, Apple, Google, Microsoft and Mozilla, have banned the security certificate that was used by the government of Kazakhstan to monitor HTTPS traffic of residents of the country's capital, Nur-Sultan.
The security certificate, designed to spy on citizens' internet use, allows the government to intercept all HTTPS traffic sent from users' devices, using the attack technique known as man-in-the-middle (MitM).
The security certificate has been in use since December 6, 2020, when the government forced local Internet service providers to block Nur-Sultan residents from accessing foreign websites without verifying the government-issued certificate.
While users were able to access most sites hosted abroad, access to sites such as Google, Twitter, YouTube, Facebook, Instagram and Netflix was blocked unless the certificate was installed.
Kazakh officials justified their actions by claiming that they were implementing cybersecurity training for government agencies, communications and private companies.
Officials cited a 2.7-fold growth in cyberattacks targeting the Internet sector in Kazakhstan during the current coronavirus pandemic as the main reason to start the exercise.
The Kazakh government used a similarly vague statement last year and described its actions as security measures to protect citizens.
However, the government's explanation did not make sense from a technical standpoint, as certificates cannot prevent mass cyberattacks and are usually only used to encrypt and protect traffic from outside observers.
Even if users install the certificate after the ban, browsers such as Chrome, Safari, Firefox and Edge refuse to use it, which prevents Kazakh officials from intercepting user data.
This is the third attempt by the Kazakh government to force citizens to install certificates on their devices, after the first attempt in December 2015 and the second attempt in July 2019.
Both previous attempts failed after browser makers blacklisted the government certificates.
The companies first banned such a certificate in August 2019, when they blocked the security certificate called Qaznet, which was used to intercept traffic to various Russian and English social media sites.