This is the sixth and last blog of a series of reports on Internet freedom in Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Kazakhstan. Kazakhstan is the country with the greatest potential for IT development in the region.
Kazakhstan has a well-developed infrastructure, high investments in communication sector, considerable amount of costumers and Internet penetration rate of about 62%. There is no state monopoly on interurban and international communications (this was cancelled in 2004).
In terms of Internet censorship and limitation of freedom of expression Kazakhstan is still very restricted. On July the 11th of 2009, president Nazarbayev approved the amendments to the legislation concerning the information and communication networks. According to these amendments, all Internet resources, including websites, chats, blogs and even on-line shops and electronic libraries are set to the same administrative, civic and criminal proceedings as are applied to mass communication media. By decision of the court, information websites, blogging platforms and social networks are being blocked. Networks are equipped with the most recent surveillance techniques, among others DPI, the most ultimate tool for surveillance and control over Internet access.
The content filtering includes blocking access to many popular blogging platforms, Google services and individual websites, which are inconvenient for the existing regime.
KAZAKHTELECOM, the major communication operator in the country, has installed software on their network servers, which allows them to cache the most popular Internet resources and when a user sends a request to some photo or video content, the data is being transmitted not from a European or American server, but from an internal server, installed within KAZAKHTELECOM network. This infrastructure allows for additional opportunities of content filtering and end user content modification.
Based on the research of Peter Bourgelais, a tech fellow at AccessNow, the Kazakh state security services are capable of intercepting landline telephone communications, Internet traffic, semi-structured data such as SMS, MMS, and forum posts, as well as automated voice and facial recognition. They also possess some mobile forensics capabilities as well as sophisticated data analysis software.
As in other CIS countries, the Kazakh state obliged communication operators to buy, certify, install and maintain special SORM (System for Operative-Investigative Activities) equipment. Intelligence services force the operators to overtake the costs although the law does not define clearly whether or not the operators are obliged to cover these costs. The licensed SORM package alone costs about 30,000 USD, whereas the price does not include the delivery and installation expenditures. Talgat Doskenov, the President of the Kazakhstan Association of Entrepreneurs, has submitted a number of claims regarding this issue to the Head Public Prosecutor and Prime Minister of Kazakhstan.
According to a statement of the Tor Project team, Deep Packet Inspection (or DPI for short) is being implemented on the territory of Kazakhstan. The clear signs of DPI utilisation are at the moment only evident when access to the specific resources is being blocked and on specific protocols.
Cyber censorship practices in Kazakhstan are quite actively implemented and have a long-term history. Over the years, news websites as well as websites of radio stations got blocked. Among the websites blocked in 2011 there were several popular anonymous proxy-servers, e.g. Hidemyass (http://www.hidemyass.com) and Ninjacloak (http://www.ninjacloak.com).
The blocking of various Internet resources was implemented roughly. For example, the scandalous blocking of the popular blogging platform livejournal.com by KAZAKHTELECOM was entirely implemented by the IP address of the respective server. Thus, all blogs located on the server were affected. At the same time the real reason for the blocking was the blog of disgraced Rakhat Aliev hosted on this platform. The same happened with http://www.wordpress.com, http://www.blogspot.com, http://www.blogger.com as well as with some elements of Google infrastructure (applications.google.com, Google Ads, etc.). Moreover, by blocking access to the listed websites for its subscribers KAZAKHTELECOM, being transit operator for Kyrgyzstan, Uzbekistan and Tajikistan, blocked traffic to these resources for all these countries as well. In Kyrgyzstan there were a lot of discussions on this matter during several years.
Furthermore, during the riots in Zhanaozen (oil mining location in Kazakhstan) in December 2011 Twitter was actively blocked.
According to the available information in December 2011 KAZAKHTELECOM launched DPI equipment and by doing so temporarily blocked key exchange mechanism necessary during the establishment of SSL sessions and thus disabled the normal function of the Tor network, as well as SSL featured PPTP and VPN tools. In April 2012 KAZAKHTELECOM blocked the entire traffic, generated by Opera search engine, which is able to use its own proxy-servers.
Another striking example was on January 1, 2014, when the website Ratel.kz posted a presentation by the ministry of communication and information regarding the government’s brutal suppression of an oil worker strike in Western Kazakhstan that turned into mass riots and became known as the Zhanaozen crisis. The presentation suggests that the government then disrupted all communications in the town (it was officially stated that the telecom lines were hit by fire).
Other types of potential attacks and threads
In the last several years DDoS attacks against various Internet resources of Kazakhstan became very frequent. Websites of banks, independent Internet resources, Internet mass communication media and forums were exerted to DDoS attacks.
Also journalists and activists are under threat. On March 14, 2013, human rights activist and journalist Alexander Kharlamov was arrested for allegedly “spreading atheist ideas” and “inciting hatred” online, but observers believe his anti-corruption activism was the real reason for his arrest. He was sentenced to six months pre-trial detention (some of which was forcibly spent in a psychiatric ward) and now faces a prison sentence of up to seven years.
Furthermore, there is a fact of criminal prosecution of a small entrepreneur for using illegal copy of software. According to a rumour, sets of equipment were confiscated from several private printing offices in the regions due to use of supposedly illegal software copies during the pre-election campaign prior to elections for Kazakhstan Parliament (Mazhilis). Taking into consideration the amount of illegal copies of software used in Kazakhstan, one can affirm with confidence that almost all vulnerable strata of the civil society (non-governmental and non-commercial organisations, mass media, printing offices, human rights organisations, etc.) use unlicensed software copies to a certain extent. This situation creates a high level of risk for cyber security and might lead to criminal prosecution and pressure from the side of the local authorities.
Potential threads, possible ways of their escalation and suggested mitigation measures
The broad application of illegal software copies along the obvious cyber threads (infection with viruses, instability of software operation, unavailability of support from the software producer) creates a certain risk of property confiscation and criminal prosecution used as a tool to control and exert pressure on NGOs in case of conflicts with local and central authorities. It is necessary to implement massive financial aid to initiatives, which are involved in solving this problem.
DDoS attacks are becoming more and more frequently used as a suppression tool against independent Internet resources dedicated to Kazakhstan. One can affirm with confidence that the clients requesting such attacks understand the financial and technical weakness of their victims in the face of the threads. It is necessary to support initiatives assisting in protection of civil society organisations, NGOs, independent media and other relevant organisations against DDoS.
The biggest problem of NGOs is the computer illiteracy of their employees, which is the reason for their low level of competence and motivation to understand the threads and proactively promote own digital security and find the best suitable solutions for the respective issues. This is especially true for remotely located, rural NGOs. The majority of the organisations are not able to provide necessary reasoning for the additional costs of protection against potential digital security threads in their budgets (e.g. hosting on a secure webserver, IT specialist’s services to ensure digital security during the development of a website, procurement of licensed software products and so on). Donors, on the other hand, are not able to efficiently identify the threads and usually do not pay necessary attention to the issues of cyber security when evaluating the projects and do not motivate the potential recipients to consider these issues.
The availability of cyber surveillance technologies and techniques of user activity analysis is an additional thread for privacy and security of civil society members. Support of initiatives aimed at enhanced security of communications and increase of users’ anonymity level is required. Provision of tools and solutions enabling digital security at personal and especially at organisational level are required.
Taking into consideration the overall situation with cyber security of NGOs in Kazakhstan and relationships of the last with the authorities, it is highly recommended to provide solutions aimed at support of NGOs and other relevant actors in terms of digital security, privacy and protection. It is necessary to create service capable of development of customised solutions, provide on-site consultations for people requiring assistance, organise targeted seminars and when necessary provide small grants in form of licensed software, equipment and secure remote support for NGOs. This initiative should operate not only on the country (Kazakhstan) level, but also have regional mission including at least all Central Asian countries.
This blog is made in cooperation with security experts in the region, and is entirely based on their findings.