Kazakhstan man-in-the-middle attack

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

In 2015, the government of Kazakhstan created a "national security certificate" which would have allowed a man-in-the-middle attack on HTTPS traffic from Internet users in Kazakhstan. Such an attack would involve requiring all Internet users to install a root certificate controlled by the Kazakh government into all their devices, allowing it to intercept, decrypt, and re-encrypt any traffic passing through systems it controlled.[1][2]

In July 2019, Kazakh ISPs started messaging their users that the certificates would now have to be installed by all users.[3][4]


  1. ^ "Experts Concerned Kazakhstan Plans to Monitor Users' Encrypted Traffic". Digital Report (in Russian). 2015-12-05. Retrieved 2019-07-18.
  2. ^ Nichols, Shaun (3 Dec 2015). "Is Kazakhstan about to man-in-the-middle diddle all of its internet traffic with dodgy root certs?". www.theregister.co.uk. Retrieved 2019-07-18.
  3. ^ "MITM on all HTTPS traffic in Kazakhstan | Hacker News". news.ycombinator.com. Retrieved 2019-07-18.
  4. ^ Afifi-Sabet, Keumars (19 July 2019). "Kazakh government will intercept the nation's HTTPS traffic". IT PRO. Retrieved 2019-07-19.