Reported HTTPS MITM in Kazakhstan, February 2024

[wkrp]

An issue was opened at the Mozilla Bugzilla on 2024-02-07 that reports an HTTPS MITM in Kazakhstan. It seems similar to past TLS MITM in Kazakhstan that we have discussed in #6 (2019), #56 (2020), #66.

Bug 1879046: Add New Kazakhstan Root Certificate to OneCRL

Another MITM attempt by the KZ government.
When I visit https://m.reactor.cc/, the real certificate is replaced with the one that I attached.

The certificates attached to the report have this period of validity:

Validity
    Not Before: Jan  4 02:30:22 2024 GMT
    Not After : Apr  3 02:30:21 2024 GMT

According to a comment in the issue, the CA certificate is https://crt.sh/?id=12281942153. I'm not sure where that comes from. It doesn't seem to match the RSA certificates at https://pki.gov.kz/cert/ (archive).

I found bug 1879046 through a meta-bug to track Kazakhstan interception certificates. The meta-bug has a history of how such certificates have been dealt with in Firefox.

Bug	Dates	Discussion
1229827	2016	https://groups.google.com/g/mozilla.dev.security.policy/c/wnuKAhACo3E
1567114	2019-07-17–2019-07-26, 2019-07-30–2019-08-07	#6, #66
1680927 1680922 (dup) 1680945 (dup) 1688277 1709666 1713980 1717548 1719704	2020-12-05–2021-07-08	#56, #66, https://censoredplanet.org/kazakhstan/live
1864724 1879046 1920157	2023-11-14–2024-09-20	This thread

[wkrp]

OONI, Internet Freedom Kazakhstan (IFKZ), and Eurasian Digital Foundation have a new report on Kazakhstan that documents MITM since 2021, using this latest "Information Security Certification Authority" certificate or a similar one.

• Kazakhstan: TLS MITM attacks and blocking of news media, human rights, and circumvention tool sites (archive)
• Казахстан: TLS MITM атаки и блокировка сайтов новостных и правозащитных ресурсов, а также сайтов инструментов по обходу блокировок (archive)

Specifically, OONI data from Kazakhstan shows that the following domains were targeted by TLS MITM attacks:

• 360tv.ru
• astrakhan.sm.news
• compromat.ru
• cont.ws
• knews.kg
• kz.tsargrad.tv
• regnum.ru
• rutracker.org
• sproot.it
• stanradar.com
• ukraina.ru
• www.for.kg
• www.pinterest.com
• xakep.ru

The specific intermediate certificate that we found to be signed by the latest root certificate has as common name “Information Security Certification Authority” and has an issuance date of 28 February 2020 and expiry date of 28 February 2050.

In OONI data collected from Kazakhstan between 2023 to 2024, we found 6 distinct intermediate certificates being used to carry out the TLS MITM. Each of these certificates has a relatively short duration period of validity of 75 days. This means that in order for the certificate chain to continue functioning properly, they would have to re-emit a new intermediate from their root CA at least every 74 days.

The specific intermediates we found in our data are the following:

• https://explorer.ooni.org/m/20210808015758.022737_KZ_webconnectivity_3b9213f9ee4f2d06

  Fingerprint: c0e15a945595372030f0d45938ebb6081bb39fb5
  Serial: 542829070264121061358597976201233251364726286334
  Not valid before: 2021-06-18 12:54:34
  Not valid after: 2021-09-01 12:54:34
  

• https://explorer.ooni.org/m/20210914080702.850310_KZ_webconnectivity_88ece394d9a0fcdc

  Fingerprint: 90f9aa29195ecbfbf2c943ab1d5102f3ec84a68c
  Serial: 600636309019776433832878055409971857043873967144
  Not valid before: 2021-08-19 12:39:14
  Not valid after: 2021-11-02 12:39:14
  

• https://explorer.ooni.org/m/20231016130600.035487_KZ_webconnectivity_4a5c38a0f8bea740

  Fingerprint: 8634ecaefb5d02463d2a9ce42178001154752561
  Serial: 293697198316360729812453916520636458008892047728
  Not valid before: 2023-08-09 06:33:35
  Not valid after: 2023-10-23 06:33:35
  

• https://explorer.ooni.org/m/20240317052821.044604_KZ_webconnectivity_3752cbf5dac624e9

  Fingerprint: dfcd9dcb64edd86e333ad6247e2deda7dcf10ebd
  Serial: 621829445753241691614495298860851878603068917060
  Not valid before: 2023-11-28 11:24:53
  Not valid after: 2024-02-11 11:24:53
  

• https://explorer.ooni.org/m/20231118140134.149173_KZ_webconnectivity_a93dfc958ab79ec2

  Fingerprint: cb074692a22395fa615a89a86d877c9abc034867
  Serial: 203432698505598047390349427507107109607746033885
  Not valid before: 2023-11-02 09:03:07
  Not valid after: 2024-01-16 09:03:07
  

• https://explorer.ooni.org/m/20240418133819.497733_KZ_webconnectivity_bd3a0d69cd5e8aca

  Fingerprint: 5d54c6afa4fd4685359875595565ae9f8caab914
  Serial: 499633659418679795571951434192241531137344178316
  Not valid before: 2024-03-20 05:50:15
  Not valid after: 2024-06-03 05:50:15
  

What's quite surprising from the above time ranges is that it's quite apparent that there is a gap in between the renewal of the certificates. Based on OONI data, we were able to confirm that even if internet users in Kazakhstan were to have installed the root certificate, as directed by the government, they would still have received certificate validation errors between 2nd November 2011 and 9th August 2023. Shorter windows of invalidity for the certificate can be observed between 23rd October 2023 and 28th November 2023, and then between 11th February 2024 and 20th March 2024.

What can be seen from the chart below is that these intermediate certificates were spotted in the wild and being used to perform MITM even during periods of certificate invalidity.

This suggests that if users were to attempt to visit the sites affected by the MITM and had installed the root CA, they would still be getting an error.

It's unclear to us why they went through the hassle of telling users to install the root CA, but then failed to keep the intermediates up to date in order to effectively carry out a MITM attack, even when users were fully compliant with government orders. We can only speculate that this is either due to some misconfiguration in the periodic renewal task (although for the first certificate we see the time window of invalidity is almost 2 years), or that for 3 times they forgot to renew their certificates on time.

Notice how the validity period of the intermediate certificate in the initial report would fill the validity gap "between 11th February 2024 and 20th March 2024".

There's a comment on NTC dated 2024-09-10 that describes MITM of xakep.ru using an intermediate certificate that is consistent withthe above pattern.

https://ntc.party/t/https-mitm-in-kazakhstan-starting-2024-02-07/7405/3

Сейчас обнаружил вот такой перфоманс

Now I found such a performance

echo | openssl s_client -servername xakep.ru -connect xakep.ru:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates
issuer=C = KZ, O = ISCA, CN = Intermediate
subject=CN = xakep.ru
notBefore=Jul 22 10:41:04 2024 GMT
notAfter=Oct 20 10:41:03 2024 GMT

[wkrp]

According to a comment in the issue, the CA certificate is https://crt.sh/?id=12281942153. I'm not sure where that comes from. It doesn't seem to match the RSA certificates at https://pki.gov.kz/cert/ (archive).

The specific intermediate certificate that we found to be signed by the latest root certificate has as common name “Information Security Certification Authority” and has an issuance date of 28 February 2020 and expiry date of 28 February 2050.

I found something curious while looking into this today. The original certificate that led to Bugzilla #1879046 and this thread has SHA256 fingerprint 89107C8E50E029B7B5F4FF0CCD2956BCC9D0C8BA2BFB6A58374ED63A6B034A30 and a period of validity from 2020-02-28 to 2050-02-28. But doing a search for "Information Security Certification Authority" turns up another certificate with fingerprint C530FADC9BFA265E63B755CC6EE04C2D70D60BB916CE2F331DC7359362571B25 with a validity period that differs by just a few minutes. And the certificate that is currently available for download (archive) from isca.gov.kz is yet different: it's not on crt.sh, but it has fingerprint 235150DE7DF7DB2E538D461BC4D210C4E0819BE2C4C76969476E3CBE67B723DD and it again has a validity period that differs by a few minutes.

89107C8E50E029B7B5F4FF0CCD2956BCC9D0C8BA2BFB6A58374ED63A6B034A30

https://crt.sh/?id=12281942153
https://web.archive.org/web/20240615065532id_/https://isca.gov.kz/Information_Security_Certification_Authority_CA_pem.crt
https://bugzilla.mozilla.org/show_bug.cgi?id=1879046
https://bugzilla.mozilla.org/attachment.cgi?id=9389260

This one was revoked in OneCRL and shows in crt.sh as revoked. It was available for download from isca.gov.kz as recently as 2024-06-01.

        Serial Number:
            32:04:12:df:4c:2f:b1:02:f3:98:0c:aa:76:ba:61:0a:e6:2c:84:92
        Issuer: CN = Information Security Certification Authority, O = ISCA, C = KZ
        Validity
            Not Before: Feb 28 06:16:40 2020 GMT
            Not After : Feb 28 06:16:40 2050 GMT
        Subject: CN = Information Security Certification Authority, O = ISCA, C = KZ

C530FADC9BFA265E63B755CC6EE04C2D70D60BB916CE2F331DC7359362571B25

https://crt.sh/?id=11106964945
https://bugzilla.mozilla.org/show_bug.cgi?id=1864724

The validity period of this one is about 35 minutes earlier than the first one.

        Serial Number:
            45:1d:32:70:96:8c:19:99:7c:f2:e4:e3:b9:77:08:ef:e2:76:f3:18
        Issuer: CN = Information Security Certification Authority, O = ISCA, C = KZ
        Validity
            Not Before: Feb 28 05:39:51 2020 GMT
            Not After : Feb 28 05:39:51 2050 GMT
        Subject: CN = Information Security Certification Authority, O = ISCA, C = KZ

235150DE7DF7DB2E538D461BC4D210C4E0819BE2C4C76969476E3CBE67B723DD

Not yet present on crt.sh (search)
https://web.archive.org/web/20240920170448id_/https://isca.gov.kz/Information_Security_Certification_Authority_CA_pem.crt
https://bugzilla.mozilla.org/show_bug.cgi?id=1920157

The validity period of this one is about 50 minutes later than the first one.

        Serial Number:
            6c:47:08:9c:34:a8:8e:43:dd:e0:de:e3:06:61:55:8d:a9:cb:2e:70
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Information Security Certification Authority, O = ISCA, C = KZ
        Validity
            Not Before: Feb 28 07:04:41 2020 GMT
            Not After : Feb 28 07:04:41 2050 GMT
        Subject: CN = Information Security Certification Authority, O = ISCA, C = KZ

[JonSnowWhite]

Does this type of TLS MITM persist in Kazakhstan?

We could not trigger this behavior on any websites on the Tranco Top 1M list (AS44477).

    360tv.ru
    astrakhan.sm.news
    compromat.ru
    cont.ws
    knews.kg
    kz.tsargrad.tv
    regnum.ru
    rutracker.org
    sproot.it
    stanradar.com
    ukraina.ru
    [www.for.kg](http://www.for.kg/)
    [www.pinterest.com](http://www.pinterest.com/)
    xakep.ru

These websites, instead, were censored by message dropping.

I would be thankful if anyone could provide insight into the current state of TLS MITM in Kazakhstan.

[wkrp]

Does this type of TLS MITM persist in Kazakhstan?

I don't think the MITM has ever been continuous. Take a look at the OONI chart for xakep.ru below, for example. It's sometimes accessible and sometimes not.

https://explorer.ooni.org/chart/mat?probe_cc=KZ&since=2024-01-01&until=2025-01-30&time_grain=week&axis_x=measurement_start_day&test_name=web_connectivity&domain=xakep.ru