bbs icon indicating copy to clipboard operation
bbs copied to clipboard
verified publisher icon net4people

Reported HTTPS MITM in Kazakhstan, February 2024

Open wkrp opened this issue 1 year ago • 4 comments

An issue was opened at the Mozilla Bugzilla on 2024-02-07 that reports an HTTPS MITM in Kazakhstan. It seems similar to past TLS MITM in Kazakhstan that we have discussed in #6 (2019), #56 (2020), #66.

Bug 1879046: Add New Kazakhstan Root Certificate to OneCRL

Another MITM attempt by the KZ government. When I visit https://m.reactor.cc/, the real certificate is replaced with the one that I attached.

The certificates attached to the report have this period of validity:

Validity
    Not Before: Jan  4 02:30:22 2024 GMT
    Not After : Apr  3 02:30:21 2024 GMT

According to a comment in the issue, the CA certificate is https://crt.sh/?id=12281942153. I'm not sure where that comes from. It doesn't seem to match the RSA certificates at https://pki.gov.kz/cert/ (archive).

I found bug 1879046 through a meta-bug to track Kazakhstan interception certificates. The meta-bug has a history of how such certificates have been dealt with in Firefox.

Bug Dates Discussion
1229827 2016 https://groups.google.com/g/mozilla.dev.security.policy/c/wnuKAhACo3E
1567114 2019-07-17–2019-07-26, 2019-07-30–2019-08-07 #6, #66
1680927 1680922 (dup) 1680945 (dup) 1688277 1709666 1713980 1717548 1719704 2020-12-05–2021-07-08 #56, #66, https://censoredplanet.org/kazakhstan/live
1864724 1879046 1920157 2023-11-14–2024-09-20 This thread

wkrp avatar Mar 06 '24 06:03 wkrp

OONI, Internet Freedom Kazakhstan (IFKZ), and Eurasian Digital Foundation have a new report on Kazakhstan that documents MITM since 2021, using this latest "Information Security Certification Authority" certificate or a similar one.

Specifically, OONI data from Kazakhstan shows that the following domains were targeted by TLS MITM attacks:

  • 360tv.ru
  • astrakhan.sm.news
  • compromat.ru
  • cont.ws
  • knews.kg
  • kz.tsargrad.tv
  • regnum.ru
  • rutracker.org
  • sproot.it
  • stanradar.com
  • ukraina.ru
  • www.for.kg
  • www.pinterest.com
  • xakep.ru

The specific intermediate certificate that we found to be signed by the latest root certificate has as common name “Information Security Certification Authority” and has an issuance date of 28 February 2020 and expiry date of 28 February 2050.

In OONI data collected from Kazakhstan between 2023 to 2024, we found 6 distinct intermediate certificates being used to carry out the TLS MITM. Each of these certificates has a relatively short duration period of validity of 75 days. This means that in order for the certificate chain to continue functioning properly, they would have to re-emit a new intermediate from their root CA at least every 74 days.

The specific intermediates we found in our data are the following:

What's quite surprising from the above time ranges is that it's quite apparent that there is a gap in between the renewal of the certificates. Based on OONI data, we were able to confirm that even if internet users in Kazakhstan were to have installed the root certificate, as directed by the government, they would still have received certificate validation errors between 2nd November 2011 and 9th August 2023. Shorter windows of invalidity for the certificate can be observed between 23rd October 2023 and 28th November 2023, and then between 11th February 2024 and 20th March 2024.

What can be seen from the chart below is that these intermediate certificates were spotted in the wild and being used to perform MITM even during periods of certificate invalidity.

This suggests that if users were to attempt to visit the sites affected by the MITM and had installed the root CA, they would still be getting an error.

It's unclear to us why they went through the hassle of telling users to install the root CA, but then failed to keep the intermediates up to date in order to effectively carry out a MITM attack, even when users were fully compliant with government orders. We can only speculate that this is either due to some misconfiguration in the periodic renewal task (although for the first certificate we see the time window of invalidity is almost 2 years), or that for 3 times they forgot to renew their certificates on time.

Notice how the validity period of the intermediate certificate in the initial report would fill the validity gap "between 11th February 2024 and 20th March 2024".

There's a comment on NTC dated 2024-09-10 that describes MITM of xakep.ru using an intermediate certificate that is consistent withthe above pattern.

https://ntc.party/t/https-mitm-in-kazakhstan-starting-2024-02-07/7405/3

Сейчас обнаружил вот такой перфоманс

Now I found such a performance

echo | openssl s_client -servername xakep.ru -connect xakep.ru:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates
issuer=C = KZ, O = ISCA, CN = Intermediate
subject=CN = xakep.ru
notBefore=Jul 22 10:41:04 2024 GMT
notAfter=Oct 20 10:41:03 2024 GMT

wkrp avatar Sep 20 '24 17:09 wkrp

According to a comment in the issue, the CA certificate is https://crt.sh/?id=12281942153. I'm not sure where that comes from. It doesn't seem to match the RSA certificates at https://pki.gov.kz/cert/ (archive).

The specific intermediate certificate that we found to be signed by the latest root certificate has as common name “Information Security Certification Authority” and has an issuance date of 28 February 2020 and expiry date of 28 February 2050.

I found something curious while looking into this today. The original certificate that led to Bugzilla #1879046 and this thread has SHA256 fingerprint 89107C8E50E029B7B5F4FF0CCD2956BCC9D0C8BA2BFB6A58374ED63A6B034A30 and a period of validity from 2020-02-28 to 2050-02-28. But doing a search for "Information Security Certification Authority" turns up another certificate with fingerprint C530FADC9BFA265E63B755CC6EE04C2D70D60BB916CE2F331DC7359362571B25 with a validity period that differs by just a few minutes. And the certificate that is currently available for download (archive) from isca.gov.kz is yet different: it's not on crt.sh, but it has fingerprint 235150DE7DF7DB2E538D461BC4D210C4E0819BE2C4C76969476E3CBE67B723DD and it again has a validity period that differs by a few minutes.

89107C8E50E029B7B5F4FF0CCD2956BCC9D0C8BA2BFB6A58374ED63A6B034A30

https://crt.sh/?id=12281942153 https://web.archive.org/web/20240615065532id_/https://isca.gov.kz/Information_Security_Certification_Authority_CA_pem.crt https://bugzilla.mozilla.org/show_bug.cgi?id=1879046 https://bugzilla.mozilla.org/attachment.cgi?id=9389260

This one was revoked in OneCRL and shows in crt.sh as revoked. It was available for download from isca.gov.kz as recently as 2024-06-01.

        Serial Number:
            32:04:12:df:4c:2f:b1:02:f3:98:0c:aa:76:ba:61:0a:e6:2c:84:92
        Issuer: CN = Information Security Certification Authority, O = ISCA, C = KZ
        Validity
            Not Before: Feb 28 06:16:40 2020 GMT
            Not After : Feb 28 06:16:40 2050 GMT
        Subject: CN = Information Security Certification Authority, O = ISCA, C = KZ

C530FADC9BFA265E63B755CC6EE04C2D70D60BB916CE2F331DC7359362571B25

https://crt.sh/?id=11106964945 https://bugzilla.mozilla.org/show_bug.cgi?id=1864724

The validity period of this one is about 35 minutes earlier than the first one.

        Serial Number:
            45:1d:32:70:96:8c:19:99:7c:f2:e4:e3:b9:77:08:ef:e2:76:f3:18
        Issuer: CN = Information Security Certification Authority, O = ISCA, C = KZ
        Validity
            Not Before: Feb 28 05:39:51 2020 GMT
            Not After : Feb 28 05:39:51 2050 GMT
        Subject: CN = Information Security Certification Authority, O = ISCA, C = KZ

235150DE7DF7DB2E538D461BC4D210C4E0819BE2C4C76969476E3CBE67B723DD

Not yet present on crt.sh (search) https://web.archive.org/web/20240920170448id_/https://isca.gov.kz/Information_Security_Certification_Authority_CA_pem.crt https://bugzilla.mozilla.org/show_bug.cgi?id=1920157

The validity period of this one is about 50 minutes later than the first one.

        Serial Number:
            6c:47:08:9c:34:a8:8e:43:dd:e0:de:e3:06:61:55:8d:a9:cb:2e:70
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Information Security Certification Authority, O = ISCA, C = KZ
        Validity
            Not Before: Feb 28 07:04:41 2020 GMT
            Not After : Feb 28 07:04:41 2050 GMT
        Subject: CN = Information Security Certification Authority, O = ISCA, C = KZ

wkrp avatar Sep 20 '24 18:09 wkrp

Does this type of TLS MITM persist in Kazakhstan?

We could not trigger this behavior on any websites on the Tranco Top 1M list (AS44477).

    360tv.ru
    astrakhan.sm.news
    compromat.ru
    cont.ws
    knews.kg
    kz.tsargrad.tv
    regnum.ru
    rutracker.org
    sproot.it
    stanradar.com
    ukraina.ru
    [www.for.kg](http://www.for.kg/)
    [www.pinterest.com](http://www.pinterest.com/)
    xakep.ru

These websites, instead, were censored by message dropping.

I would be thankful if anyone could provide insight into the current state of TLS MITM in Kazakhstan.

JonSnowWhite avatar Jan 16 '25 12:01 JonSnowWhite

Does this type of TLS MITM persist in Kazakhstan?

I don't think the MITM has ever been continuous. Take a look at the OONI chart for xakep.ru below, for example. It's sometimes accessible and sometimes not.

https://explorer.ooni.org/chart/mat?probe_cc=KZ&since=2024-01-01&until=2025-01-30&time_grain=week&axis_x=measurement_start_day&test_name=web_connectivity&domain=xakep.ru

Web Connectivity Test, xakep.ru, Kazakhstan

wkrp avatar Jan 29 '25 08:01 wkrp