top | item 20632373

National Certificate in Kazakhstan Is Canceled

61 points| tsarka | 6 years ago | reply

Over the past two weeks, residents of Nur-Sultan, capital of Kazakhstan, have faced problems with access to the Internet. Officials explained that it was happening because of the new security system's testing. It was said to be a part of «Cyber shield of Kazakhstan» which allows to increase the country's defense capability and counteract information wars. According to previously received statistics, the authorities managed to inspect a third of all traffic in the Nur-Sultan city.

TSARKA assumed the role of a moderator in this situation and it seems that we managed to reach the top management of the country and convey our arguments. From our point of view, the optimal solution has been reached in the course of negotiations with the participants of the process.

A few hours ago we were officially informed that the tests were completed, all the tasks set during the pilot were successfully solved. Those who have established the National Certificate may delete it since it will no longer be needed. The need for its installation may arise in cases of strengthening the digital border of Kazakhstan within the framework of special regulations.

We don’t know how you guys are, but we breathed a sigh of relief when we heard about this news. Everyone got their own: we got the free Internet, the government got an instrument for fighting digital weapons.

P.S. We are especially proud of our role in the process. It was difficult not to fall into a negative point and maintain neutrality, but now we are satisfied with ourselves.

27 comments

[+] pimterry|6 years ago|reply

When you say:

> we got the free Internet, the government got an instrument for fighting digital weapons

I'm not sure what this means. What is the instrument the government now has for fighting digital weapons? Is it the ability to turn this HTTPS interception back on later?

If so, this doesn't sound like _great_ news. That would mean the government has stopped intercepting traffic for now, but it reserves the right & capability to do so again in future whenever it feels like it (I.e. whenever the internet next contains something Kazakhstan gov doesn't like).

[+] unknown|6 years ago|reply

[deleted]

[+] steve19|6 years ago|reply

> P.S. We are especially proud of our role in the process. It was difficult not to fall into a negative point and maintain neutrality, but now we are satisfied with ourselves.

Not sure if the translation has not carried through. Are you staying you are pleased you did not oppose it because opposing it might have caused to government to make it permanent?

Sounds like the moment the government needs to crack down on someone they will flip the switch knowing there won't be any opposition.

I can't help but think if the government were wanting to spread positive propoganda about these tests, your post is exactly what they would write: "everyone wins and everyone is happy with our results of MTIMing the entire country".

[+] beachy|6 years ago|reply

Indeed, the OP has such a dodgy sound to it. Like a satire of how the regime's puppets would wriggle out of their situation.

[+] reallydontask|6 years ago|reply

> I can't help but think if the government were wanting to spread positive propoganda about these tests, your post is exactly what they would write: "everyone wins and everyone is happy with our results of MTIMing the entire country".

My thoughts exactly. It's hard not to be a cynic about something like this.

[+] solarkraft|6 years ago|reply

> The need for its installation may arise in cases of strengthening the digital border of Kazakhstan within the framework of special regulations.

Translation attempt: If deemed necessary, people will be forced to install a state certificate again.

Assuming that the goal is to be able to break encryption:

- How do you ensure people will install the certificate?

- How do you ensure people don't communicate by state-intransparent means, even with the certificate installed?

I'm guessing heavy, heavy penalties?

[+] pimterry|6 years ago|reply

> How do you ensure people will install the certificate?

I think the short answer is: your internet won't work until you do.

VPNs out of the country avoid this of course; not clear if they're working to actively block that.

[+] concerned_user|6 years ago|reply

No, they will put you in jail first and ask questions later. Unjustified imprisonment compensation will take years to get and amount will be laughable probably something along the lines of 5000 EUR per year or less.

[+] tomc1985|6 years ago|reply

> I'm guessing heavy, heavy penalties?

Rubber-hose cryptanalysis

[+] andrey_utkin|6 years ago|reply

What is TSARKA (who are you)?

What you mean you are proud of your role?

What you mean by neutrality other than negativity, when the whole story is about forced access to everyone's computer to install a backdoor devised by the government?

[+] shakna|6 years ago|reply

I think this [0] is TSARKA. I'm a bit vague on what they actually _do_ looking through the site.

The TSARKA president said something along the lines of:

> [TSARKA] is the first private computer incident response team in Kazakhstan.

So I _think_ they're a IT security contractor, and from other things they seem to have a leaning towards penetration testing.

[0] https://tsarka.org/

[+] Arbalest|6 years ago|reply

I wonder about the "you are now free to delete the certificate". Not everyone will do this if they aren't tech savvy enough, or don't care. This will mean 2 things 1. Those that don't may still be able to have their traffic intercepted 2. Those that do reject the signing (if the attempt is made) may find themselves the subject to further investigation.

[+] yrro|6 years ago|reply

Perhaps OS and browser vendors should push out updates that blacklist the certificate?

[+] betaby|6 years ago|reply

Link to the official statement would definitely help.

[+] azangru|6 years ago|reply

Does this count (same announcement, but on the site of the org)? https://tsarka.org/post/national-certificate-cancelled

[+] brudgers|6 years ago|reply

Context, https://www.zdnet.com/article/kazakhstan-government-is-now-i...

[+] troydavis|6 years ago|reply

[+] marksomnian|6 years ago|reply

Discussion in mozilla.dev.security.policy (mailing list to discuss TLS implementation in Firefox/NSS): https://groups.google.com/forum/#!topic/mozilla.dev.security...

[+] alltakendamned|6 years ago|reply

so, a CERT organisation that is proud of its role in mitm'ing all traffic in the country ?

Of course, all in the name of fighting the four horsemen of the infocalypse... (ref. https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...)

You might want to get your moral compass checked.

[+] iserlohnmage|6 years ago|reply

I wonder if normal citizens of Kazakhstan can visit HN and report the situation there.

[+] trazire|6 years ago|reply

The SSL cert was simply for "bad" data on "trusted" sites. See https://en.wikipedia.org/wiki/Internet_censorship_in_Kazakhs...

[+] nairobi222|6 years ago|reply

[deleted]

[+] Arbalest|6 years ago|reply

[deleted]

[+] sfthrower89|6 years ago|reply

[deleted]

[+] GrumpyNl|6 years ago|reply

Why is your name green?

[+] maze-le|6 years ago|reply

It is a propoaganda account -- recently created to convey the message: "Everything is fine, everything is OK, nothing fishy has happened in Kazakhstan, now move along nothing to see here..."

"And if we force you to install our certificate again, don't trouble yourself, its to fight 'digital weapons' you know..."

[+] DanBC|6 years ago|reply

Green names indicate newer accounts.

This is so that established users can provide friendly, helpful, advice and pointers to features of HN.

[+] utouq|6 years ago|reply

I misread Karazhan... What the fuck is the Violet Eye up to now...

[+] charlesdm|6 years ago|reply

Prince Malchezaar should have the answer