The government of Kazakhstan forcefully decrypts part of internet traffic
In July 2019 the government of Kazakhstan started enforcing a policy under which web browser users are forced to install a specific root certificate on their computers. Because browser-based encryption (SSL/TLS/HTTPS) trusts whatever root certificates are installed, this enables the government to decrypt the traffic.
According to a study by the Censored Planet lab at the University of Michigan (https://censoredplanet.org/kazakhstan), the decryption targets include Gmail, Google, Facebook, Messenger, mail.ru, translate.google.com, Instagram and YouTube. "With these fake certificates, the attacker can impersonate any website, modifying its content or recording exactly what users do or post on the site." When a selected user tries to connect to a selected server, the internet service provider does not allow the connection unless the government-issued certificate is used.
A certificate that enables this attack can also be installed by a company's security personnel (firewalls etc. are routinely used in companies to decrypt SSL/TLS/HTTPS traffic in order to scan it for malware), by an evil maid, by an evil customs officer, or by malware that has compromised the user's computer.
In March 2017 WikiLeaks published leaks from the hacking arsenal of the CIA (the Central Intelligence Agency of the USA). Some of those documents contain advice to the CIA's malware writers: 'DO NOT solely rely on SSL/TLS to secure data in transit. Numerous man-in-middle attack vectors ... '. To read more about the risks of browser-based encryption, see our risks of SSL page.
On August 21, 2019, the Chrome, Safari and Firefox browsers started to issue an error message when they notice that this specific certificate from the government of Kazakhstan is being used, see
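The browsers' countermeasure in miniature, as an added example that is not from the original page or from any browser's code: a client builds the usual chain to the OS trust store, then refuses any chain that ends in a root on its own distrust list, identified by SHA-256 fingerprint. The public root, the interception root, the host name and the fingerprint are all constructed for the demo, not real values.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// Roots the client refuses even if the OS trust store holds them, keyed by hex SHA-256 of the DER cert (Demo adds a constructed root, not a real value).
var distrustedRoots = map[string]bool{}
func fingerprint(c *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(c.Raw)) }
// makeCert issues a certificate for name signed by parent (self-signed when parent is nil).
func makeCert(name string, ca bool, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ca, BasicConstraintsValid: true, DNSNames: []string{name},
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if parent == nil { parent, pkey = tmpl, key } // self-signed root
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// verifyChain mirrors the browsers' behaviour: chain to the locally trusted roots as usual, then reject a chain ending in a distrusted root.
func verifyChain(leaf *x509.Certificate, host string, roots *x509.CertPool) error {
	chains, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	if err != nil { return err }
	for _, chain := range chains {
		if r := chain[len(chain)-1]; distrustedRoots[fingerprint(r)] { return fmt.Errorf("distrusted root %q", r.Subject.CommonName) }
	}
	return nil
}
// Demo: a public CA and an interception CA both sit in the OS store, as on a machine whose user installed the extra root; two leaves for the same host are checked.
func Demo() (legitErr, interceptErr error) {
	pubRoot, pubKey := makeCert("Public Root CA", true, nil, nil)
	mitmRoot, mitmKey := makeCert("Interception Root CA", true, nil, nil)
	distrustedRoots[fingerprint(mitmRoot)] = true
	store := x509.NewCertPool()
	store.AddCert(pubRoot); store.AddCert(mitmRoot)
	legit, _ := makeCert("mail.example.com", false, pubRoot, pubKey)
	forged, _ := makeCert("mail.example.com", false, mitmRoot, mitmKey)
	return verifyChain(legit, "mail.example.com", store), verifyChain(forged, "mail.example.com", store)
}
func main() { fmt.Println(Demo()) }
```

The legitimately issued leaf passes, while the leaf issued under the installed interception root is rejected even though the OS store trusts that root.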
On December 6, 2020, Kazakhstan re-activated this campaign. See Kazakhstan’s HTTPS Interception Live (Again).