Hacking the Kazakh way, top-down

Hacking the Kazakh way, top-down

The ferocity of the Kazakh government’s cyber campaign against dissent in Kazakhstan inspires comparisons to China’s Great Firewall.

A recently released report by the Electronic Frontier Foundation illustrates the increasing viciousness of the Kazakh government’s crackdown on dissent in Kazakhstan. According to the report, the Kazakh government continues its campaign of intimidation against journalists, opposition members and their families, associates, and lawyers of those who are involved in any litigation with the Kazakh government via malware, cyber-espionage and even kidnapping.

Termed “Operation Manul” by the Electronic Frontier Foundation, the Kazakh government hired two independent cyber security firms to supply monitoring malware to surveil and collect data on the Central Asian government’s most outspoken opponents.

Silencing dissent by controlling the internet

Unfortunately, this is only the latest chapter in the Kazakh government’s war on dissenters. Since 2011, Kazakhstan has increasingly attempted to establish a Kazakh version of the Great Firewall of China.

Starting softly by forcing all news and sites with .kz domain names to channel their traffic through local Kazakh servers, the Kazakh government effectively pushed multinational companies like Google and Russian blogger sites out of the Kazakh market and opened the way for domestic monitoring of the Internet. In 2012, the Kazakh government targeted news and media outlets that had been critical of the government’s reaction to the December 2011 Zhanaozen strikes, forcing four outlets offline.

Since 2012 the Kazakh government has utilised a variety of malware and targeted spearphishing operations run by hired overseas actors to forcibly crackdown on what it sees as the core instigators of Kazakh political dissent. Mukhtar Ablyazov, the founder of the opposition party, Democratic Choice for Kazakhstan, was one target of Operation Manul’s malware. According to the EFF report, malware was utilised to identify the location of his wife and six year old daughter in Italy. They were then seized by Italian authorities and taken as apparent political hostages by Kazakh President Nursultan Nazarbayev in 2013.

Hacking in Kazakhstan 2

Kazakh president Nursultan Nazarbayev

Other main voices of public dissent including the newspaper (and now online journal), Respublika, and the blog, Kazaword, have been targeted by the government through both cyberattacks and through the U.S. court system. The Kazakh government’s representatives are currently attempting to use American law to threaten Respublika’s web host and to extract information on the organization from Facebook‘s logs, all the while monitoring Respublika’s founder Irina Petrushova and her husband through its cyber intrusion programmes.

Recreating China’s Great Firewall

Since January 2016, the Kazakh government has extended its cyber surveillance to the whole of Kazakhstan and intercepted all of the country’s encrypted web and mobile phone traffic. By mandating that all Kazakh citizens install a new “national security certificate” on their computers and smartphones that intercepts requests to and from foreign websites, officials can now read mobile and web traffic between Kazakh users and foreign servers, breaking current privacy protections such as SSL.

Attempting to ease the privacy concerns surrounding the new initiative, Kazakhstan’s largest telecommunications company, Kazakhtelecom JSC released a press statement declaring that telecommunication operators were now “obliged” under law to intercept encrypted web and mobile connections flowing into its borders. However, it highlighted that this was a measure to “secure protection of Kazakhstan users”, who have access to encrypted content from “foreign Internet resources”.

In reality though, it is little more than a cost effective version of China’s Great Fire Wall. While these measures will allow Kazakh officials to monitor and block large segments of Kazakhstan’s digital traffic for Internet and mobile users, it will also cost Kazakhstan politically and economically.

Breaking dissent or shrinking the economy?

In a recent GRI article on China’s Internet censorship, Margaux Schreurs illustrated the adverse effect that China’s internet censorship is having on foreign investment. A number of issues were identified as being detrimental to businesses.

Be it unreliable internet access, the lack of privacy, or the inability of devices like mobile phones and computers to function correctly, Internet censorship can hinder companies from doing business and lead to delays in communications and poor financial development. These issues make countries with Internet censorship less attractive for foreign investment, a situation that Kazakhstan cannot currently countenance given the significant economic pressure on the Kazakh economy.

Governmental hacking poses a security risk

The lack of cyber security is also a prominent concern throughout the Central Asian IT market. In Kazakhstan, Uzbekistan and Kyrgyzstan, messenger services like Salem, Pager and Va4ach have struggled, due to the perception that they are simply the government’s personal data collection agencies, who will steal personal and business data.

The real concern for Kazakhs and for foreign companies involved in Kazakhstan, according to Steven M. Bellovin, a professor of computer science at Columbia University, is that Kazakhstan’s system constitutes a tempting target for hackers or foreign government’s cyber intrusion specialists. “Anyone who hacked these boxes would also be able to monitor traffic”.

This poses a significant risk, not just to Kazakh business, but also to those foreign firms involved in the domestic market. This is illustrated by the case of DigiNotar, a generally trusted Dutch certificate authority, which in 2011 was hacked due to Iran’s internet monitoring and issued a ream of fake certificates to access the accounts of 30,000 Iranian Gmail users. After the attack became public knowledge, major technological companies like Google, Microsoft and Adobe blacklisted DigiNotar which went bankrupt some months later.

If this occurred in Kazakhstan and the Kazakh certificate authority gets blacklisted, then large sections of the internet will no longer be available to Kazakhs — a beneficial outcome, if you are trying to control the net-surfing population, but of little value when trying to attract overseas investment.

About Author

Victoria Kelly-Clark

Dr. Victoria Kelly-Clark is a GRI analyst who focuses on Central Asia and Russia. She received her doctorate in political science and international relations from the Australian National University in 2011. She has lived in Central Asia and has an interest in the Middle East, Russia and its former Soviet territories. Her work is featured in The Vision Times, The Epoch Times and on her blog Central Asia and Beyond.