• Follow us


Major Browsers Block Kazakhstan Government's Fake Safety Cert | Cybersecurity

Google, Mozilla and Apple on Wednesday blocked a fake root certificate issued by Kazakhstan's government to spy on its citizens' online activities.

The government instructed citizens to install the certificate on all of their devices, and it provided separate instructions for Android, iOS, Chrome, Firefox, and Internet Explorer Web browsers, according to F5 Labs.

When those who installed the certificate attempt to access website using Chrome, Firefox or Safari, they now will see an error message stating that the "Qaznet Trust Network" certificate should not be trusted.

Google has added the certificate to CRLSet and will block it in other Chromium-based browsers, according to Andrew Whalley, Chrome Security.

"We believe this is the appropriate response because users in Kazakhstan are not being given a meaningful choice over whether to install the certificate and because this attack undermines the integrity of a critical network security mechanism," said Mozilla Certification Authority Program Manager Wayne Thayer.

Apple reportedly also has taken action to ensure Safari does not trust the certificate.

Redmond Silent

Microsoft has not said anything publicly about the issue.

"The Certificate Authority in question is not a trusted CA in our Trusted Root Program," a Microsoft spokesperson said in a statement provided to TechNewsWorld by company rep Katie Schick.

Microsoft "likely has a number of large contracts with the government, and they are typically far more exposed if a government wants to go after them, so they tend to be far more cautious," suggested Rob Enderle, principal analyst at the Enderle Group.

Apple and Google do not have much of a presence in government, he told TechNewsWorld.

Good Intentions?

The fake root certificate let the Kazakhstan government access citizens' online traffic, circumventing encryption, through a man-in-the-middle (MITM) attack.

The fake certificate decrypts traffic and encrypts it with its own key before forwarding the traffic to its destination, Censored Planet found.

The aim was to protect Kazakhstan's users from cyberthreats, according to government officials.

The fake certificate has to be installed manually because browsers do not trust it by default.

Censored Planet first observed the interception of online traffic through the certificate's mechanism July 17 and began tracking it July 20. The interception was not continuous, starting and stopping several times.

Detecting the Attack

Censored Planet detected the attack using a technique called "HyperQuack," which involves connecting to TLS servers and sending handshakes that contain potentially censored domains in the server name indication (SNI) extension.

If the response differs from a normal handshake response, the domain is marked as potentially censored.

At least 37 domains were affected:

google.com, docs.google.com, mail.google.com and other Google sites; youtube.com; android.com and related Android sites; instagram.com and related Instagram sites; twitter.com; and various Facebook sites.

Connections were intercepted only if they followed a network path that passed the interception system, Censored Planet found.

However, interception occurred regardless of the direction the connection took along the path. That allowed interception behavior to be triggered from outside Kazakhstan by making connections to TLS servers inside the country.

Tempest in Teacup?

Censored Planet has two virtual private server (VPS) clients within Kazakhstan. They were able to access affected sites without any HTTPS interception, suggesting it was not universal.

Many clients do not receive the injected certificate even when connecting to domains known to be affected, the organization pointed out.

Certificates were found injected in about 1,600 of more than 6,700 TLS hosts accessed through one of Censored Planet's VPS clients, and only 459 of the TLS hosts when accessed from the United States.

Kazakhstan's government earlier this month said that a new security system being tested caused interruptions to Internet access for residents of the nation's capital of Nur-Sultan.

One third of all traffic in the city was inspected, the government said, adding that the tests were complete and citizens who had installed the National Certificate could delete it. Citizens would have to install it again if required.

The path to all the 1,600 servers passed through AS 9198 -- Kazakhtelecom, which holds a de facto monopoly on backbone infrastructure, and established Kazakhstan's Internet Exchange Point -- a peering center for domestic traffic, according to Freedom House.

If at First You Don't Succeed

The Kazakhstan government first tried to launch a fake CA attack in 2015.

It applied to become a trusted Certificate Authority (CA) in the Mozilla program, but the request was denied because Mozilla had evidence the government planned to intercept traffic by forcing users to install the root certificate in the bug.

The latest attack used a different bug. Kazakhstan described the attack as a test of its cybersystems.

Mozilla blocked the Qaznet certificate because some users already had installed it, and because the organization considered it likely that the government might rely on it again in the future.

If the government switches to a new certificate, Mozilla promised to take similar action to protect the security and privacy of Firefox users.

Browser makers previously have blocked digital certificates. In 2015, Google and Mozilla blocked all new digital certificates the China Internet Network Information Center (CNNIC) issued after a threshold date.

They took that action in response to unauthorized credentials issued for Gmail and other Google domains.

However, Microsoft restricted itself to issuing a security update, and Apple did not take any action against CNNIC.

Richard Adhikari has been an ECT News Network reporter since 2008. His areas of focus include cybersecurity, mobile technologies, CRM, databases, software development, mainframe and mid-range computing, and application development. He has written and edited for numerous publications, including Information Week and Computerworld. He is the author of two books on client/server technology. Email Richard.

Read More

Leave A Comment

More News


Fitness: The Sweet Spot for Smartwatches New! 2019-09-20 05:42:54Smartwatches outsold traditional watches in the fourth quarter of 2018. The category saw a 51 percent increase in dollar sales for last year, along wi

Facebook's New Portals: More Ways to Follow 2019-09-19 06:00:00Facebook has announced three additions to the Portal family: a new Portal, Portal Mini and Portal TV. The devices let users make calls using Facebook

iPhone 11: To Upgrade or Not, That's the 2019-09-18 05:41:17Early reviews on the new iPhone models are appearing, and for owners of older versions of Apple's flagship mobile, an upgrade may be in order. Review

Pine64 Teases $25 Linux Smartwatch 2019-09-17 13:25:13While open source enthusiasts still await the year of the Linux desktop, hardware developer Pine64 is advancing the cause of a $25 Linux-powered smart

Wi-Fi 6 Is Ready for Prime Time 2019-09-17 06:07:02The Wi-Fi Alliance has released certification standards for Wi-Fi 6 devices, signaling that the technology is ready for prime time. The certification

What's Wrong With Apple? 2019-09-16 13:34:10Apple held its huge product announcement event last week, and what once had people besides themselves with excitement has become a near pointless prog

Archman Linux: Pure Arch With Extra Flair 2019-09-13 14:12:07Archman is an Arch Linux-based rolling distribution featuring the Calamares system installer, Pamac package manager, and a selection of preconfigured

The Pitched Battle Over Streaming Content 2019-09-13 05:40:26At Apple's annual new products and devices event earlier this week, CEO Tim Cook told the crowd gathered at its Cupertino headquarters that the new A

Apple Debuts Triple-Cam iPhone, New iPad, and Aggressively 2019-09-11 05:52:43Apple raised the curtain on its latest iPhone models, introduced a new iPad, refreshed its watch, and announced pricing for its subscription game and

Google's Super-Sized Nest Hub Draws Mixed Reviews 2019-09-10 10:42:40The new larger version of Google's Nest Hub smart display has been garnering mixed reviews. It has a 10-inch screen, compared to its predecessor's 7

Taking the AI Approach to US Problem-Solving 2019-09-09 14:06:34At an IBM briefing on its joint AI project with MIT, it struck me that some of the training concepts could improve the quality of political decisions

Multi-Cloud Strategy May Pose Higher Security Risk: Study 2019-09-06 06:16:26Users of a multi-cloud storage strategy may be twice as likely to face a security breach as those that use hybrid or single clouds, suggests a report


Best headphones: Our top picks for personal listening New! 2019-09-20 06:00:00Whether you're looking for an over-the-ear, on-ear, or in-ear model, we'll help you find the perfect pair.

Microsoft Windows 10 Insider build 18985 expands its 2019-09-19 19:01:00Microsoft said Thursday that, as part of a future version of Windows, it will beef up the Swift Pair Bluetooth pairing experience launched last year,

WatchOS 6: Everything you need to know about 2019-09-19 13:49:00Apple has unveiled watchOS 6, and it makes the Apple Watch more independent than ever.

Watch The Full Nerd talk about the latest 2019-09-19 13:46:00Join The Full Nerd gang as they talk about the latest PC hardware topics. Today's show goes into all the recent CPU performance leaks including 3rd-g

Apple Card FAQ: Interest rates, rewards, sign-up and 2019-09-19 13:30:00Here's everything you need to now about Apple's new credit card.

Apple Watch Series 3 vs Fitbit Versa 2: 2019-09-19 12:24:00We pit the newest Fitbit smartwatch against a two-year-old Apple Watch, and the results are surprising.

The Huawei Mate 30 phones have arrived and 2019-09-19 11:25:00Huawei has taken the wraps off the Mate 30 and Mate 30 Pro and it has everything you could possibly want in a late-2019 handset: all-screen industrial

Epic's own library update finally adds a List 2019-09-19 10:30:00I'm currently obsessing over the Steam Library Update, meticulously reorganizing my library in a hundred different ways. But while I was otherwise oc

Best media streaming devices 2019-09-19 09:00:00Roku Streaming Stick vs. Amazon Fire Stick vs. Chromecast vs. Apple TV, and more. Which streaming device is best for cord cutters? Our buying guide wi

Samsung's ultra-fast new PCIe 4.0 SSDs 'never die' 2019-09-19 08:00:00Samsung said new software for its latest PCIe 4.0 SSDs make them so reliable, they can essentially “never die.”Three new software features

Android 10: Ten essential tips for overlooked features 2019-09-19 06:30:00Android 10, previously known as Android Q, has finally started rolling out after months of beta testing. The Android of today is much more feature-ric

Review: Lenovo ThinkBook 13s pairs solid business features 2019-09-19 06:00:00Lenovo’s ThinkBook 13s is a deliberately intriguing combination of a business notebook with consumer flourishes, aimed at the vaguely-defined sp

FOX News

Facebook's Zuckerberg says there 'clearly was bias' in 2019-09-19 18:54:09Facebook CEO Mark Zuckerberg said the company's handling of a fact-checking controversy involving pro-life group Live Action was biased.

'Flying taxi' pulled over by police on the 2019-09-19 16:26:35A futuristic, eco-friendly water taxi was pulled over by police on the River Seine in Paris, according to The Independent.

Amazon’s Alexa voice assistant will start taking donations 2019-09-19 16:21:41Starting in October, users of Amazon’s voice-controlled home assistant Alexa will be able to dictate/verbally make a political contrib

AI can't offer protection from 'deepfakes,' new report 2019-09-18 19:29:35Artificial intelligence-based solutions may not be able to save us from deceptively altered videos, known as deepfakes, according to a new report from

Air Force four-star general: We need 225 bombers 2019-09-18 13:36:36Senior Air Force leaders believe that current shortages in the U.S. bomber fleet are putting the service, and the nation, at tremendous risk of enemy

Facebook still auto-generating Islamic State, al-Qaida pages 2019-09-18 10:03:46WASHINGTON (AP) — In the face of criticism that Facebook is not doing enough to combat extremist messaging, the company likes to say that its au

Apple Watch Series 5 review roundup: Is it 2019-09-18 08:47:28Apple Watch Series 5 reviews were posted early Wednesday morning, with many discussing the new always-on screen and increased storage capacity.

All the ways you can get Microsoft Office 2019-09-18 07:00:43The Microsoft Office Suite — Word, Excel, Powerpoint, Outlook, OneNote, Access and Publisher — has long been the standard when it comes to

Facebook to crack down on extremism by training 2019-09-17 19:55:48Facebook will work with law enforcement agencies to train its artificial intelligence systems to detect videos of violent events as part of its ongoin

Microsoft's Bill Gates regrets Jeffrey Epstein meeting: 'I 2019-09-17 19:29:02Microsoft founder Bill Gates says he regrets ever meeting with convicted sex offender Jeffrey Epstein to discuss philanthropy, according to

Tiny ‘biohybrid’ robots directed by muscles and nerves 2019-09-17 16:18:13Researchers have developed soft robotic devices that are driven by neuromuscular tissue that gets triggered when stimulated by light.

Army details mission of AI task force 2019-09-17 14:54:30Warrior Maven Interview with Col. Douglas Matty, Army Artificial Intelligence Task Force Deputy Director.


Subscription email app Tempo hits the right minimalist 2019-09-19 19:17:39Email will likely never die, but if new apps can change how we think about using it, maybe it will feel like the worst parts have croaked. In the wake

Facebook employee dies after apparent suicide at company’s 2019-09-19 19:11:51An employee of Facebook died by apparent suicide Thursday morning, Menlo Park police reported and the company confirmed. “We were saddened to le

The Mate 30 is a moment of truth 2019-09-19 18:59:40We’ve known this day would come for a long time now. Over the past several months, however, it feels like it has arrived in slow motion. Seeming

The emergence of super apps in Latin America 2019-09-19 17:00:27Because of its vast population distributed in more or less similar countries regarding language, culture and religion, Latin America is an especially

Twitter launches its controversial ‘Hide Replies’ feature in 2019-09-19 17:00:04Twitter’s controversial “Hide Replies” feature, aimed at civilizing conversations on its platform, is launching today in the U.S. an

Readying an IPO, Postmates secures $225M led by 2019-09-19 16:54:03Postmates is expected to unveil its IPO prospectus this month.

Lime is shutting down car rental service, LimePod 2019-09-19 16:34:10Transportation startup Lime is shutting down LimePod, its car-sharing service that it launched last November in Seattle. Lime plans to start removing

Ricoh’s Theta Z1 is the first truly premium 2019-09-19 16:05:21Ricoh has a well-earned good reputation when it comes to building smart, technically excellent photographic equipment — including the almost leg

Google announces 18 new renewable energy deals 2019-09-19 16:00:54Google today announced its largest package of renewable energy deals yet. Worth a total of 1,600-megawatts, the package includes 18 deals in the U.S.,

Finding sustainable success with Blackstone CEO Stephen Schwarzman 2019-09-19 15:21:16“We were so low that people would take advantage of us. People we knew well would just lie to us. One of my favorites was a company we did an en

Thinkful confirms data breach days after Chegg’s $80M 2019-09-19 15:08:18Thinkful, an online education site for developers, has confirmed a data breach, just days after it confirmed it would be acquired. “We recently

Founders, get to Disrupt SF for answers to 2019-09-19 14:44:05One lesson from TechCrunch’s Disrupt SF is that founders can’d get enough programming on the really hard questions.  How do I get int


Daimler stops developing internal combustion engines to focus 2019-09-19 09:33:29 After reigning in the auto industry as the powertrain of choice for a century, the internal combustion engine is finally dying. Now even Daimler says

Watch Tesla Autopilot V10 do a 40-min commute 2019-09-19 06:21:17 A Tesla owner on the early access program got the new Tesla V10 update and released a demonstration of his 40-minute commute on three freeways in Los

Tesla Model 3 earns IIHS Top Safety Pick+, 2019-09-19 01:09:22 The Insurance Institute for Highway Safety has announced that the Tesla Model 3 has won its highest safety award, Top Safety Pick+, after achieving &

EPA’s own analysis shows fuel efficiency rollback will 2019-09-18 18:02:42 The Environmental Protection Agency (EPA) is attempting to revoke California’s authority to set its own emissions rules, a right enshrined in f

Tesla installs a Supercharger station at Nürburgring 2019-09-18 15:02:13 Tesla is continuing to test its new Model S prototypes at Nürburgring race track in Germany, and now the automaker has even installed a Supercha

Tesla Gigafactory 3 leaked pictures show Model 3 2019-09-18 14:19:45 There are a lot of eyes on Tesla Gigafactory 3 in Shanghai as pictures of Model 3 bodies going down the line are leaking on Chinese social media. mor

The latest shiny new $1,499 electric moped looks 2019-09-18 14:05:37 The new Karmic OSLO looks like no electric moped we’ve seen before. Half electric bicycle and half electric scooter, this one appears to be str

EGEB: Global youth strike against ‘age of fossil 2019-09-18 14:00:40 In today’s Electrek Green Energy Brief (EGEB): Youth climate strike kicks off on September 20 to “end the age of fossil fuels.” Sun

Pick up four smart LED A19 light bulbs 2019-09-18 13:17:57 Etekcity via Amazon offers a four-pack of its A19 Smart LED Light Bulbs for $37.99 shipped when the on-page coupon is clipped. Regularly $50, to

Zero unveils 2020 electric motorcycle lineup: New model, 2019-09-18 12:45:31 Zero Motorcycles has just announced its model year 2020 updates. This year we’re seeing a new model for the global market and updated lower pri

Tesla’s used cars prove popular in China with 2019-09-18 12:00:16 We have already seen Tesla’s used vehicles leading in value retention in the US, but the lead is apparently even more significant in China wher

Climate strikes around the globe Sep. 20-27 led 2019-09-18 11:54:50 Six months after youth took to the streets around the world demanding climate action, more climate strikes are planned in this coming week. &nbs

Ars Technica UK

Weighing in: Physicists cut upper limit on neutrino’s 2019-09-19 18:06:47First results from the KATRIN experiment are based on just 28 days of data.

Amazon orders 100,000 electric trucks to fight climate 2019-09-19 17:40:53Amazon aims to reach net zero carbon emissions by 2040.

We can phase out fossil fuels fast without 2019-09-19 17:24:26The cooling effect of aerosols from burning fossil fuels is already much smaller.

Huawei’s new flagship smartphone ships without Google apps 2019-09-19 17:10:21Trump's export ban means no Google apps for the Mate 30 Pro.

Facebook and Google have ad trackers on your 2019-09-19 15:20:13You just can't get away from the big ad tech companies, it seems.

World’s most destructive botnet returns with stolen passwords 2019-09-19 14:45:17Noticing an uptick in spam from people you know? You can probably blame Emotet.

In India, you don’t need a Google phone 2019-09-19 14:19:59A new toll-free Google Assistant service in India can be accessed from any phone.

Comcast promised not to raise prices—guess what happened 2019-09-19 13:59:42Comcast accused of reneging on "lifetime" price promise in Google Fiber city.

Forget the marshmallow test; this could be the 2019-09-19 13:39:47It could be possible to ID at-risk children based on a single teacher's assessment.

Dealmaster: A bunch of Amazon devices are on 2019-09-19 13:05:34Plus deals on Logitech accessories, Apple Watch and iPad pre-orders, and more.

Apple launches iOS 13, watchOS 6, and Apple 2019-09-19 13:04:56iPadOS, macOS, and tvOS releases are still on the way, though.

Nintendo Switch Lite is the best portable system 2019-09-19 11:00:06Review: Comfort tweaks, new d-pad propel a cheaper way into a great portable library.

Disclaimer and Notice:WorldProNews.com is not responsible of these news or any information published on this website.