- Intercept users' Internet traffic to any Secure website, i.e. Man-in-the-Middle Attack
- Access everything from user's web browsing history to usernames and passwords to secure and HTTPS-encrypted traffic
Next in the queue, Kazakhstan is also planning to Spy on encrypted Internet Traffic of its citizens, but in the most shameless way.
Unlike other spying nations that are themselves capable of spying on their citizens, Kazakhstan will force every internet user in the country to install bogus security certs on their PCs and mobile devices, allowing the 'Dictator' Government to:
This Program will seriously restrict Citizens' Freedom of Speech and Expression.
On Monday, the nation's largest Internet service provider Kazakhtelecom JSC published a notice, which said:
Citizens are "obliged" to install a so-called "National Internet Security Certificate" on every device, including desktops, laptops, and mobile phones.
Then overnight on Wednesday, the notice mysteriously vanished, but you can view the archived version of the notice here.
"The National Security Certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources," read the notice published by Kazakhtelecom at the beginning of this week.
This simply means:
The Government's shameless 'National Security certificate' program – most likely a root CA cert similar to those found in Lenovo's Superfish and Dell's Superfish 2.0 scandals – will target users' access to encrypted services that rely on Internet traffic being routed outside of Kazakhstan.
However, traffic between Servers located in Kazakhstan won't be affected.
The surveillance will begin from January 1; less than a month from now.
Also Read: NSA will not Stop Spying on us.
This move by the country will not only compromise users' freedom of speech and expression but also limit their privacy over the Internet.
Kazakhstan surveillance program is somewhat different from the NSA spying on American citizens, as, in this case, Kazakhs have to personally hand over the keys to their Web traffic to the government.
It is still unclear if the measure is being withdrawn with the vanish of the notice. However, more details about this are scheduled to be published later this month.