Kazakhstan's Government Begins Intercepting HTTPS Traffic In Its Capital

ZDNet reports:Under the guise of a "cybersecurity exercise," the Kazakhstan government is forcing citizens in its capital of Nur-Sultan (formerly Astana) to install a digital certificate on their devices if they want to access foreign internet services. Once installed, the certificate would allow the government to intercept all HTTPS traffic made from users' devices via a technique called MitM (Man-in-the-Middle). Starting today, December 6, 2020, Kazakh internet service providers (ISPs) such as Beeline, Tele2, and Kcell are redirecting Nur-Sultan-based users to web pages showing instructions on how to install the government's certificate. Earlier this morning, Nur-Sultan residents also received SMS messages informing them of the new rules. Kazakhstan users have told ZDNet today that they are not able to access sites like Google, Twitter, YouTube, Facebook, Instagram, and Netflix without installing the government's root certificate. This is the Kazakh government's third attempt at forcing citizens to install root certificates on their devices after a first attempt in December 2015 and a second attempt in July 2019. Both previous attempts failed after browser makers blacklisted the government's certificates.

Read more of this story at Slashdot.