The government of Kazakhstan is forcing citizens in its capital, Nur-Sultan, to install digital certificates in their devices if they want to access foreign Internet services, under the guise of cybersecurity exercises.
The digital certificate – designed to spy on citizens’ internet use – allows For the government to intercept all data HTTPS protocol Which is carried out from users’ devices using the attack technique called (man in the middle) MitM.
Kazakhstani ISPs, such as Beeline, Tele2 and Kcell, are redirecting users residing in Nur-Sultan to webpages that offer instructions on how to install the government digital certificate.
Nur-Sultan residents also received SMS messages informing them of the new rules.
Kazakhstan users are told that they are unable to access sites such as Google, YouTube, Twitter, Facebook and Instagram without installing the government digital certificate.
This is the third attempt of the Kazakh government to force citizens to install digital certificates in their devices after the first attempt in December 2015 and the second attempt in July 2019.
Both previous attempts failed after that Browser makers have blacklisted government certifications.
In July 2019, Google and Mozilla banned the digital certificate called Qaznet Revealed About it the government of Kazakhstan, which allowed it to monitor the encrypted internet activity of any user who installed it.
Kazakh officials described their efforts to intercept HTTPS data as cybersecurity training for government agencies, communications and private companies.
They pointed to the fact that cyber attacks targeting the Internet sector in Kazakhstan grew by 2.7 times during the current Corona pandemic as the main reason to start the exercise, Officials did not say how long the exercises would last.
The Kazakh government used a similarly vague statement last year and described its actions as security measures to protect citizens.
Browser makers, which played a pivotal role in preventing the first two attempts by the Kazakh government to intercept HTTPS data, said they would investigate the latest incident and take appropriate action.