How Kazakhstani authorities are trying to cover up their failure with the introduction of the certificate
This post was previously called differently, but the moderators asked him to change and remove the negative, although this affected the sense, from my point of view. However, keep the facts.
In July, I published a news on Habré that the Kazakh authorities obliged all residents of Astana to install a certificate to carry out MITM attacks on their data transmitted via mobile networks. The news was resonant, gained a lot of comments, and is still "smoldering": Get ready, you Russians, for MITM in the face of the state, as it happened in Kazakhstan . I began to closely monitor this topic, read all the news and articles with relevant topics. I was interested in how organizations would react to this event: both international and all kinds of Kazakhstani “Internet associations”.
A good article on this topic was released relatively recently by Cencor Planet, which kept a finger on the pulse and monitored the situation on this attack. Here's an article with securitylab about it: The Kazakh government intercepts Facebook, VK and Google traffic
But no less carefully, I followed publications in the Kazakhstan segment, and shared the most important ones on my Facebook. Here are some examples:
Compare these two articles, and perhaps you will understand what the CARK is. If you do not want to read and compare - here are screenshots from Habr, with excerpts from the first article (CARKA).
and continuation
Who the CARKA are at all is not known for certain. Freedom of speech and the press are suppressed in Kazakhstan. All significant media, like all mobile operators, belong to the same ruling family. There are many publications in pro-government media that promote this group. They call themselves "Ethical Hackers."
→ Who are “ethical hackers”, how do they differ from ordinary
For me personally, there is no doubt that this is the brainchild of the Kazakh authorities:
→ A representative of CAREC joined the Public Council on IT Security under the MIC of the Republic of Kazakhstan
As a person living in Kazakhstan, monitoring the situation in the field of IT, I can say with great certainty that these are “half-en-cache hackers”. Why the KNB? Well, because now the KNB (this is a direct analogue of the FSB - the National Security Committee) is responsible for everything related to wiretapping on the Internet and all that goes with it.
→ Experts spoke about the “intervention” of the KNB in the conversations and correspondence of Kazakhstanis
Here is a quote from the article:
I won’t be surprised if they are responsible for hacking accounts of political opposition activists and DDoS attacks on a few opposition publications outside of Kazakhstan. Although, of course, I can’t say this.
But the essence of the article is not that. This is just a prelude. In my opinion, and the look of those people with whom I spoke about this, the certificate simply “did not fly up”. I agree with the opinion of the commentator from Habr.
But the opinion of one well-known opposition journalist, very respected both by me and other independent journalists in Kazakhstan. Once, she, in a semi-underground manner, printed an opposition publication, for which she was thrown to the editorial office with a cut off dog’s head, and they tried to intimidate her in every possible way. Her insiders have been exposed more than once, although of course, as in any non-free state, the truth is the lot of rumors.
Personally, I believe these words more than the official version of the authorities of Kazakhstan and their accomplices in the person of CARK.
But then again, this is not the essence of this article. The essence of the article is that yesterday, the President of CARK Olzhas Satiye on Khabr publishes the news The national security certificate in Kazakhstan is canceled in which he ascribes to himself and CARK the merit for the cancellation of this certificate.
Quote from the article:
Well, you know, I was just taken aback by such impudence!
PS Special thanks to Ivan Zvyagin aka baragol for helping to "comb" this article so that it matches the style of Habr.
In July, I published a news on Habré that the Kazakh authorities obliged all residents of Astana to install a certificate to carry out MITM attacks on their data transmitted via mobile networks. The news was resonant, gained a lot of comments, and is still "smoldering": Get ready, you Russians, for MITM in the face of the state, as it happened in Kazakhstan . I began to closely monitor this topic, read all the news and articles with relevant topics. I was interested in how organizations would react to this event: both international and all kinds of Kazakhstani “Internet associations”.
A good article on this topic was released relatively recently by Cencor Planet, which kept a finger on the pulse and monitored the situation on this attack. Here's an article with securitylab about it: The Kazakh government intercepts Facebook, VK and Google traffic
But no less carefully, I followed publications in the Kazakhstan segment, and shared the most important ones on my Facebook. Here are some examples:
- Interview with a representative of CARK “ Installation of security certificates can give access to personal data of Kazakhstanis - CARK ”
- What is a Qaznet certificate and is it safe?
Compare these two articles, and perhaps you will understand what the CARK is. If you do not want to read and compare - here are screenshots from Habr, with excerpts from the first article (CARKA).
and continuation
Who the CARKA are at all is not known for certain. Freedom of speech and the press are suppressed in Kazakhstan. All significant media, like all mobile operators, belong to the same ruling family. There are many publications in pro-government media that promote this group. They call themselves "Ethical Hackers."
→ Who are “ethical hackers”, how do they differ from ordinary
For me personally, there is no doubt that this is the brainchild of the Kazakh authorities:
→ A representative of CAREC joined the Public Council on IT Security under the MIC of the Republic of Kazakhstan
As a person living in Kazakhstan, monitoring the situation in the field of IT, I can say with great certainty that these are “half-en-cache hackers”. Why the KNB? Well, because now the KNB (this is a direct analogue of the FSB - the National Security Committee) is responsible for everything related to wiretapping on the Internet and all that goes with it.
→ Experts spoke about the “intervention” of the KNB in the conversations and correspondence of Kazakhstanis
Here is a quote from the article:
The head of the Center for Analysis and Investigation of Cyberattacks (CARKA) Olzhas Satiev, in an interview with the correspondent of the NewTimes.kz news agency, explained why the transfer of the state technical service to the KNB is correct, and is it worth it to worry about this.
I won’t be surprised if they are responsible for hacking accounts of political opposition activists and DDoS attacks on a few opposition publications outside of Kazakhstan. Although, of course, I can’t say this.
But the essence of the article is not that. This is just a prelude. In my opinion, and the look of those people with whom I spoke about this, the certificate simply “did not fly up”. I agree with the opinion of the commentator from Habr.
But the opinion of one well-known opposition journalist, very respected both by me and other independent journalists in Kazakhstan. Once, she, in a semi-underground manner, printed an opposition publication, for which she was thrown to the editorial office with a cut off dog’s head, and they tried to intimidate her in every possible way. Her insiders have been exposed more than once, although of course, as in any non-free state, the truth is the lot of rumors.
Personally, I believe these words more than the official version of the authorities of Kazakhstan and their accomplices in the person of CARK.
But then again, this is not the essence of this article. The essence of the article is that yesterday, the President of CARK Olzhas Satiye on Khabr publishes the news The national security certificate in Kazakhstan is canceled in which he ascribes to himself and CARK the merit for the cancellation of this certificate.
Quote from the article:
Our organization took on the role of a moderator and, it seems, we managed to reach the top and convey our arguments. In the course of negotiations with the participants in the process, it seems to us, the optimal solution has been reached.
Today we were officially informed that the tests were completed, all the tasks set during the pilot were successfully solved. Citizens who have established a National Certificate can remove it, since it will no longer be needed. The need for its installation may arise in cases of strengthening the digital border of the state within the framework of special regulations.
Well, you know, I was just taken aback by such impudence!
PS Special thanks to Ivan Zvyagin aka baragol for helping to "comb" this article so that it matches the style of Habr.
All Articles