This is the first of a series of reports on Central Asia, a region which is generally perceived as ‘closed’ in terms of Internet freedom, as it is being closely monitored by authorities and the use of Internet and communication technologies is restricted. This blog focuses on Uzbekistan, one of the most repressive countries in former Soviet Union, characterized by a pervasive regime of control and censorship.
Whereas Uzbekistan is not a front-runner with regard to economic growth or technological development in Central Asia, it is one of the most striking examples of illegal cyber-censorship and pressure on the informational community. Partial or full Internet content filtration, substitution of original websites with fake ones, blocking of access to Internet pages, surveillance and even complete Internet shutdown is not a full list of the instruments, applied to enable control over users and their activities.
Nowadays, human rights organisations of Uzbekistan are separated geographically, since part of the activists remain in political emigration outside
of the country. There are not many active human rights activists and civil groups in the country. Most of them are old people with a low level of computer literacy, who have little (if so) understanding about the digital security tools. All local activists of non-governmental organisations are exerted to pressure from the side of authorities to extent of arrest. A part of them has only episodic Internet access or spread their information via
other more computer literate colleagues. Websites publishing critical information about the Uzbek government are being blocked by the local ISPs. This complicates informational flow between the actors and its export to international community.
There are no independent journalists in Uzbekistan, and most foreign organisations (mass media, HR NGOs etc.) who have a correspondent in
Uzbekistan, try to stay in the shadow and do undercover work on human rights violations, torture, and child labour cases. One of the major problems is communication with them, as the current Internet situation in Uzbekistan – high-costs, low connection speed and bad service quality, as well as surveillance and low level of computer literacy in general – it is a big problem to establish a secure and surveillance-free connection between the people inside of the country and the outer world.
Apart from Internet threads, there is a common practice of inspection of computers, data storages and mobile phones. All active human rights activists and journalist are being constantly inspected when crossing the border of the Republic, the contents of digital storages are being checked (USB, CD, DVD), most of them are requested to open computers and show the contents of their drives. In some cases more sorrow inspection is being conducted in a separate room and in the absence of the owner. There are facts of confiscation of electronic storages from journalists, crossing the border. Umida Niyazova, journalist and human rights advocate was convicted for her professional activities. In her case the materials confiscated while she was crossing the border (DVD and files stored on her PC) played the central role. There are cases of unreasonable inspections and confiscations of computers from human rights advocates and activists. Those who received their devices back complain, that “they work in a strange way”.
Internet infrastructure and use
Uzbekistan has a common border with 5 states: Afghanistan, Kyrgyzstan, Turkmenistan, Tajikistan and Kazakhstan. There are fiber-optic connections with 4 of these countries. According to the reports, the connection with Afghanistan will be established in the nearest future. As of January 2012 there were over 900 communication operators registered, whereas the cumulative capacity of the external Internet channel was 8 Gigabit.
In November 2006 a special resolution № PP-513 was implemented by President Islam Karimov on ‘measures to increase the efficiency of investigative activities in communication networks of the Republic of Uzbekistan’ which led to the fact that all communication operators without exceptions are obliged to install special SORM (System for Operative-Investigative Activities) equipment for surveillance on all communications (IP-addresses, http requests, etc) at their own costs, leaving aside that the possibility exist that DPI technology is already being used on Uzbek communicational networks. The SORM system-analysis allows the National Security Agency (NSA) of Uzbekistan to view all individual user’s activity for any period of time and to gain information on the communicational partners, including e-mails, instant messages and VoIP calls, as well as requested websites (including the names of the encrypted websites she or he attempted to access).
An example of SORM usage in Uzbekistan is described in the RSF report: in January 2010 a large number of people were arrested for participation in religious extremists organisations. They were identified due to the fact that their communications in Mail.ru Agent, which is not featured with encryption, were monitored. This is true not only for the Internet, but also for voice communications (mobile, landline and VoIP). The entire external traffic from the secondary ISPs is routed through UZPACK (daughter of UZBEKTELECOM). According to the law, UZBEKTELECOM has the exclusive right for providing local operators with external Internet channel and based on this fact, the local operators always use UZBEKTELECOM’s services and do not have own satellite or alternative connection channels. Thus, a secondary ISP has no control over the traffic, which leaves their network to the outer world (traffic is being tracked, recorded, blocked and might potentially be modified by the primary operator).
Uzbekistan is a pioneer in implementation of surveillance technologies against its citizens among CIS-countries. The history of surveillance technologies application is one of the most unique. First computer appliances for filtration and limitation of Internet access were installed and applied on the educational network called UzSciNet (NREN project of NATO, the network was established and launched approximately in 2002-2003), directed by Vadim Navotniy. System initially designed for saving external traffic (caching proxy server) was used as user activity control and content filtering tool (blocking of porno, games and entertainment) for content not related to education and science. Later this technology was used as basis for filtering at state ISP’s level (UZPACK), improved and implemented for a certain period of time, until specialized appliances were purchased.
Nowadays, there are three main levels of censorship in Uzbekistan:
- National ISP’s level (national gateway);
- Local licensed ISPs’ level;
- Resellers’, non-ISPs’ level.
At the national level politically unwanted content is being filtered. The lists of prohibited resources are being updated on the everyday basis. The filtering is implemented based on IP-addresses and URLs. Moreover, traffic is being redirected with substitution of an original resource (located for example in Russian Federation) with a fake one, located inside of UZPACK network and being a copy of the original resource, but containing modified contents. This method was for instance episodically used to control access to certain parts of centrasia.ru website in 2009-2010.
The filtering at the level of local ISPs is not being implemented centralized. Normally it is initiated by the operators themselves, which can block porno resources and entertaining websites. At the operators’ level the physical connection of a subscriber is controlled, thus the companies might intentionally created difficulties with Internet access, supposedly motivated by “the defects of communicational networks”.
Resellers are basically Internet cafes. Based on the location and owners’ statement porno resources, gaming websites, dating sites, as well as the major oppositional and human rights organizations’ websites are being filtered. At the same time there are no legal acts directly regulating the filtering in the Internet clubs. In some Internet clubs, which are located near the expensive hotels and are usually visited by the foreigners, the filtering is concealed as failures of the network. Some usually blocked websites are easily accessible. For example, in TRANSNET (Internet Café, located near the Radisson Hotel), in 2010 the website of BBC blocked elsewhere in Uzbekistan was accessible without any limitations.
Usually almost all Internet cafes are being maintained by non-professionals, use unlicensed copies of software, which are never updated, and as a result become a perfect environment for viruses and harmful software. In some Internet cafes there are announcements prohibiting the access to certain resources, which stimulates self-censorship.
Other types of potential attacks and threads
There many examples of attacks on independent Internet media dedicated to Uzbekistan. Most recently in February and March of the last year (2012) there were attacks on http://www.fergananews.com and www.uznews.net.
On the 28th of February 2012, about 11 PM an attack on www.uznews.net media resource started. On the 29th the attack became more intense and as a result hosting provider switched off UZNEWS’s server in order to avoid its complete failure. After a company specialized on defense against DDoS attacks was engaged, the website was restored and worked properly. At this point the numbers characterizing the attack became available: 1.5 Gigabit bandwidth, type of attack – SYN flood. Chief editor of UZNEWS Galima Bukharbaeva claimed: “We don’t know what provoked the attack, try to conjecture. One of the guesses is the series of publications about assassination attempt against Uzbek imam Obid-kori Nazarov in Sweden.”
On the 28th of March 2012 another famous independent news resource www.fergananews.com got attacked. The website previously used services of Deflect (financed by Internews), but later rejected their services, leaving only mobile version enabled. According to the Chief editor Daniil Kislov, Deflect had way to aggressive caching which lead to interferences with the display of ads. Mr. Kislov claims there were no clear reasons for attack (no negative events currently covered by Ferghana.ru). However during the DDoS attack on Ferghana.ru another website (www.vesti.kg, actively publishing news from Ferghana.ru) was affected. Previously Ferghana.ru was under DDoS attacks in 2008 and 2009.
Based on the researchers’ claims, SORM equipment developed in Russian Federation is being actively implemented in Uzbekistan. The equipment was exported by MFI-Soft through an intermediary, ALOE Systems, to Uzbekistan’s state-owned UZBEKTELECOM.
One of Oxygen’s resellers, Softline, has offices in all Central Asian countries, including four offices in Kazakhstan alone. Softline directly markets forensics packages on Allsoft.uz, the Uzbek version of one of its subsidiaries’ websites.
Speech Technology Center (STC), the audio forensics company based in St. Petersburg has conducted business in Uzbekistan.
As reported by AccessNow.org Tech Fellow, Peter Bourgelais: “The Uzbek state security services are capable of interception of landline telephone communications, internet traffic, semi-structured data such as SMS, MMS, and forum posts, and automated voice and facial recognition. They also possess some mobile forensics capability.”
There is one single case of hard drive theft from an office of the human rights organization EZGULIK in Tashkent. An unknown person broke into the office and removed the hard drive from the server, which contained organization’s database and the entire office documentation.
Potential threats, possible ways of their escalation and suggested mitigation measures
It is important to understand that our beneficiaries can be divided into two main categories: those living inside of the country and those who left its borders. Taking this factor into consideration the major problem identified is the communication between these two groups and often files transfer. IWPR, Frontline, NewEurasia Foundation, TacticalTech, CIIP, and TransitionOnline conducted multiple trainings on digital security. However most of them were ineffective due to mixed groups (different age groups, various levels of computer literacy), large amount of materials covered, difficulty of individual subjects and short timeframe for training. People involved in technical self-education, considering all human rights advocates, activists and independent journalists inside as well as outside of Uzbekistan are a handful. The rest of them require thorough work, mentoring and individual training.
The majority of the activists and human rights advocates are not able to effectively use instruments of personal cyber security, barely use encryption and other instruments. Any escalation of cyber threads from the side of the government or cybercriminals will cause grievous consequences. The majority of the NGOs in Uzbekistan are not capable to protect themselves and their digital resources.
Almost all potential grantees use unlicensed software. This creates a huge risk of infection with viruses and hacking of victims’ computers. Raids of state agencies aimed at identification of use of unlicensed software in NGOs and civil organisations represent a perfect influence tool allowing to legally and effectively exerting pressure on the NGOs. Such method is applied in Russia, Kazakhstan and Kyrgyzstan for a long time. In Uzbekistan the users of the pirated software are punished with large fines and confiscation of equipment. An analogue of the initiative conducted by the American NGO TECHSOUP in Russia (INFODONOR program) is necessary for Uzbekistan in order to ensure free availability of basic office software for Uzbek NGOs.
The purposeful transition of all websites dedicated to Uzbekistan or blocked in Uzbekistan to operation via SSL connection is necessary. Introduction of SSL will allow avoiding tracing of users’ activity and substitution of the websites with fakes.
This blog is made in cooperation with security experts in the region, and is entirely based on their findings.