This is the third of a series of reports on Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Turkmenistan,  one of the world’s most hostile countries for internet users, with its monopoly state-run provider offering only a highly censored version of the internet.

Turkmenistan is one of the most repressive and isolated countries in the world. Dictatorship was established after its independence in 1991 by the first president, Saparmurat Niyazov, and his oppressive authority. The regime is now lead by the second president, Gurbanguly Berdimuhamedow, who came into power in 2007 after the death of Niyazov. He kept all the means of repression established by his predecessor. As a result the country is one of the most closed and very underdeveloped when it comes to access to online communication services and freedom of information dissemination.

turkmenistan

Under the Niyazov’s rule, Internet in Turkmenistan was a gloomy picture. Starting in 1990, when Siemens and Alkatel were invited to build and develop telecommunication network in Turkmenistan, and during the entire time of his rule, Internet was only available for the government, scientific community, foreign diplomatic missions and foreigners. Ordinary people had a very limited access to the Internet. In 2000 Niyazov paced communication sector under control of monopolist Turkmen Telecom, removing 4 independent ISPs from the market. In 2002 the last few Internet cafes in the capital Ashkhabad were shut down. Barely 7% of the population had access to Internet in 2012, and in 2014 an estimated broadband penetration of less than 0.04% make a pessimistic outlook. Mobile phones used by 63% of the population, are an important tool for Internet access.

In 2007 after Gurbanguly Berdimuhamedow came to power, it seemed that Internet situation for the regular citizens has improved. In Ashkhabad 2 Internet cafes re-opened and over 12000 new computers were purchased for the local schools. Moreover the governmental website titled ‘The Golden Age’ (www.turkmenistan.gov.tm) was featured with a commenting tool, allowing users to add comments about the quality of government’s work. However the price for using public Internet (approximately 4USD/hour) was too high for an average user, the commenting tool was deactivated soon after the appearance of the first critical comments and the newly purchased computers were partly plundered (1500 netbooks with Turkmen flag on the lid were smuggled to Kyrgyzstan and sold at significantly reduced price).


Data interception and monitoring
All unencrypted online communications in Turkmenistan, including e-mail and web traffic are intercepted and analysed by the Ministry of State Security. Based on the readings of Human Rights Watch, Internet became available for the private individuals in 2008 only after a system of comprehensive interception and monitoring was installed. The system is able to recognise who sent a specific message and analyse its contents by searching for key words. Voice communications can also be intercepted. Technologically speaking the interception and monitoring are centralised, since Turkmen Telecom controls all communication channels.

Because of the total monitoring and the associated fears, Internet users in Turkmenistan have a high level of self-censorship. People are afraid to write critical comments about the current government on the Internet and those who do this are accepted as provokers from Ministry of State Security. Critics and offence towards the authorities are illegal due to current legal system and are punished with a fine, forced labour or detention up to 1 year. Offence towards president can lead to detention up to 5 years. Intelligence services analyse websites visited by the Turkmen population and can take measures against those, who criticise the authorities online. Turkmenistan is seen as one of the most censored countries worldwide.

The most noted case resulted from the systematic surveillance occurred in 2011 after an explosion on the ammunition depot in Abadan, suburb of Ashkhabad. About 200 people perished and Abadan’s population was evacuated. The authorities wanted to hide the the incident, but the Internet became flooded with photo and video materials showing the aftermath of the explosion. Consequently, the authorities arrested dozens of people, who had photos and videos related to the explosion on their mobile phones. Later, Dovletmurat Yazkuliev, blogger and the Radio Liberty correspondent, independently covering the incident and its consequences, was sentenced to five years detention on fabricated charges. However, under pressure of a number of human rights organizations he was granted a pardon.

Another example is the president’s fall from a horse during the horse race in Ashkhabad in April 2013. According to a witness, the public was not allowed to leave the racetrack area until all electronic devices with video recording function were examined. Also, intelligence services look through the passengers’ belongings at the airport. Still the video of Berdimuhamedov’s fall leaked to the Internet.


Internet censorship
Since Turkmen Telecom is a monopolist on the country’s Internet communication market, the state implements a centralised Internet censorship. The only non-Turkmen communication operator is MTS, which recently re-started its operation in Turkmenistan. However it also gets Internet connection from Turkmen Telecom.

Filtering is exerted on the node, which precedes the frontier router of Turkmen Telecom. Analysing the current research papers one can conclude that blocking is implemented by technology similar to that implemented in China. Special equipment sends a faulty connection error signal when connecting to blacklisted IP-addresses, which does not allow establishment of a session with the blocked server.

For example:

  1. A user is trying to open youtube.com website and specifies its address in a browser;
  2. It’s IP-address is identified (172.194.31.174) and the browser sends a signal to establish a connection;
  3. The website responses and browser sends a signal, indicating that it is ready to receive the data;
  4. This entire process is analysed by special equipment installed on the operators network. In case the attempt to connect to a blacklisted website is identified, the transmitted data is replaced and the connection breaks (user gets an error message: “The connection was reset”).

The websites blocked in Turkmenistan mainly include news sources specifically covering the situation in Turkmenistan, international news and analytics websites, the websites of international organisations, some donor organisations, video hosting platforms, as well as some proxy-servers and popular blogging platforms.

There are also offline-monitoring attempts in the country. For instance, in August 2011 by the instructions of the country’s president, the authorities removed many satellite dishes owned by private persons. Official explanation is that the large number of dishes deteriorates the country’s appearance. Unofficial explanation is an attempt to control the TV content consumed by the population. In exchange the Ministry of Communications was obliged to provide cable TV services for the population. Moreover according to the witnesses’ statements during the explosions in Abadan telephone communications were completely shut down in the town. These were later reactivated for local calls within Turkmenistan only, international calls and Internet remained disabled.


Other types of existing threats and attacks
The intelligence services of Turkmenistan are not able to independently conduct DDoS attacks and hacking, however it is expected that they hire respective experts from other countries, in particular from Ukraine. Websites publishing critical content about Turkmenistan are quite often targeted by hackers’ attacks. For the last three years, the website Turkmenistan Chronicles (www.chrono-tm.org) was several times targeted by DDoS attacks, leading to its complete unavailability to users. Not only the website was hacked, also information about its subscribers list and forum leaked to the hackers.

Quite a serious threat is caused by the low computer literacy level of users, which allows malefactors to exert even elementary fishing attacks, cheating users and infecting their computers with viruses. In 2008, hackers spread a link to a slide show supposedly depicting a shooting in Ashkhabad among Turkmen internet-users. As a result, 500 users downloaded this content, which turned out to be malware and destroyed their Windows.


Potential threats, possible ways of their escalation and suggested solutions for their prevention
Taking into account the available information, the following measures to strengthen the control over users can be assumed: improving mechanism of content blocking (selected blocking of particular posts and services) by using DPI, modernising the surveillance system by introduction of long-term profiling and collecting information on users activity. Since attacks on websites, covering situation in Turkmenistan, have been registered and the majority of these websites use some form of protection technologies, the more powerful application layer DDoS attacks are to be expected. In case the level of security of the websites’ code will not improve, the number and scale of attacks and violations will most likely increase. Reportedly, the intelligence services of Turkmenistan have special instruments of voice and facial recognition(produced by Russian company “Speech Technology Centre”) as well as the FinSpy Mobile software package for spying on users, produced by the British-German company Gamma International.

A big threat is potential technical ignorance of the majority of Internet-users, unawareness of the threats and their inadequate assessment. Technologies are getting more sophisticated every year, new services and devices are coming to the market, which results in new threats as well. For reliable protection from these new threats it is necessary to obtain particular knowledge, have basic computer skills. Awareness is key, but it is very important to follow the elementary rules of “cyber-hygiene”: don’t use pirated software, regularly update all software products installed on the PC, use a reliable anti-virus software and have strong passwords. Currently the majority of users do not follow these simple rules. Ignorance and carelessness provide an ideal environment for malicious software utilisation and spread of virtual infection among computers.

Technical support for information services and resources providers covering Turkmenistan issues is required. The mission here is very specific: technical assistance in auditing websites’ code and consulting service holders on on-going issues (for example, users anonymity in comments, server activity and load monitoring etc.). Services for protection from DDoS attacks and traffic clean-up from hacking attempts and discrediting as well as solutions for users protection from traffic interception and spying by the website are necessary.

This blog is made in cooperation with security experts in the region, and is entirely based on their findings.