Apple, along with Google, Microsoft, and Mozilla, today banned from their respective web browsers a malicious certificate that was being used by the Kazakhstan government to intercept HTTPS traffic coming from the city of Nur-Sultan, the country’s capital.
As reported by ZDNet, the certificate was first used on December 6, when local authorities forced Internet providers to prevent Nur-Sultan residents from accessing foreign websites without a special certificate issued by the government.
Access to popular websites like Google, Twitter, YouTube, Instagram, and Netflix has been blocked. In order to access them, users needed the special government certificate installed. The Kazakh government has argued that they were just “carrying out a cybersecurity training exercise for government agencies, telecoms, and private companies.”
Officials cited that cyberattacks targeting “Kazakhstan’s segment of the internet” grew 2.7 times during the current COVID-19 pandemic as the primary reason for launching the exercise. The government’s explanation did, however, make zero technical sense, as certificates can’t prevent mass cyber-attacks and are usually used only for encrypting and safeguarding traffic from third-party observers.
However, as of today, the malicious certificate issued by the local government has been blocked by Safari, Chrome, Edge, and Firefox. While this prevents Nur-Sultan citizens from accessing foreign websites, it also stops the government from intercepting user data.
FTC: We use income earning auto affiliate links. More.