There’s a bug in Mozilla Bugzilla that says there’s a new HTTPS MITM in Kazakhstan since 2024-02-07. (At least, that’s when the bug was opened.)

Bug 1879046: Add New Kazakhstan Root Certificate to OneCRL

Another MITM attempt by the KZ government.
When I visit https://m.reactor.cc, the real certificate is replaced with the one that I attached.

Many people install the mandatory certificate to be able to access some government websites.
I’m not sure if the browser will let you in if you have those mandatory certificates installed.

The following certificate information will be of use in adding this root certificate to OneCRL:

"issuerName": "MFMxNTAzBgNVBAMTLEluZm9ybWF0aW9uIFNlY3VyaXR5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQKEwRJU0NBMQswCQYDVQQGEwJLWg==",

"serialNumber": "MgQS30wvsQLzmAyqdrphCuYshJI=",

"pubKeyHash": "iSjFk5iw8XHA+W/a5quN0PSO4G0XTaEMQErAAUPHp0k=",

Serial Number 320412DF4C2FB102F3980CAA76BA610AE62C8492
Subject C=KZ, O=ISCA, CN=Information Security Certification Authority
Issuer C=KZ, O=ISCA, CN=Information Security Certification Authority
Not Before 2020-02-28T06:16:40Z
Not After 2050-02-28T06:16:40Z

SHA1 Hash 1375EBDCF56359AAE0423E861AC8FC6231511CE6
SHA256 Hash 89107C8E50E029B7B5F4FF0CCD2956BCC9D0C8BA2BFB6A58374ED63A6B034A30
SPKI SHA256 8928C59398B0F171C0F96FDAE6AB8DD0F48EE06D174DA10C404AC00143C7A749
Subject SPKI SHA256 6B0F6067F2FE25B0BAC6679266AE73749DC7D1044C84809398F9E37AF3F4F311
HPKP PIN-SHA256 iSjFk5iw8XHA+W/a5quN0PSO4G0XTaEMQErAAUPHp0k=
Certificate Extensions
AuthorityKeyID sgQS30wvsQLzmAyqdrphCuYshJI=
SubjectKeyId sgQS30wvsQLzmAyqdrphCuYshJI=

I found this one through a meta-tracking bug for Kazakhstan MITM:

Bug 1883772: [meta] tracking blocking Kazakhstan MITM roots
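How the three OneCRL fields quoted from Bug 1879046 relate to the human-readable details listed under them, as an added example (not code from the bug or from Mozilla): `issuerName` is the base64 of the DER-encoded issuer Name, `serialNumber` the base64 of the serial bytes, and `pubKeyHash` the base64 of the SPKI SHA-256. The function names and the minimal DER reader (short-form lengths, one attribute per RDN) are assumptions of this sketch.

```python
import base64

# Values copied from the bug report quoted above.
ONECRL = {
    "issuerName": ("MFMxNTAzBgNVBAMTLEluZm9ybWF0aW9uIFNlY3VyaXR5IENlcnRpZmljYXRpb24g"
                   "QXV0aG9yaXR5MQ0wCwYDVQQKEwRJU0NBMQswCQYDVQQGEwJLWg=="),
    "serialNumber": "MgQS30wvsQLzmAyqdrphCuYshJI=",
    "pubKeyHash": "iSjFk5iw8XHA+W/a5quN0PSO4G0XTaEMQErAAUPHp0k=",
}
LISTED_SERIAL = "320412DF4C2FB102F3980CAA76BA610AE62C8492"
LISTED_SPKI_SHA256 = "8928C59398B0F171C0F96FDAE6AB8DD0F48EE06D174DA10C404AC00143C7A749"

# X.520 attribute OIDs (DER content bytes) that appear in this issuer name.
OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x0a": "O", b"\x55\x04\x06": "C"}


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:  # assumption: names this short never need long-form lengths
        raise ValueError("long-form DER length not handled in this sketch")
    end = pos + 2 + length
    return tag, buf[pos + 2:end], end


def decode_name(b64_name):
    """Decode a base64 DER Name into [(attribute, value), ...] in encoded order."""
    tag, rdns, _ = read_tlv(base64.b64decode(b64_name), 0)
    if tag != 0x30:
        raise ValueError("issuerName is not a DER SEQUENCE")
    attrs, pos = [], 0
    while pos < len(rdns):
        _, rdn_set, pos = read_tlv(rdns, pos)    # SET (one RDN)
        _, atv, _ = read_tlv(rdn_set, 0)         # SEQUENCE: first attribute only
        _, oid, value_pos = read_tlv(atv, 0)     # attribute type OID
        _, value, _ = read_tlv(atv, value_pos)   # string value
        attrs.append((OIDS.get(oid, oid.hex()), value.decode("utf-8")))
    return attrs


def check_entry(entry, serial_hex, spki_sha256_hex):
    """Cross-check a OneCRL entry against the hex values from a certificate dump."""
    as_hex = lambda field: base64.b64decode(entry[field]).hex().upper()
    return {
        "issuer": decode_name(entry["issuerName"]),
        "serial_matches": as_hex("serialNumber") == serial_hex,
        "spki_matches": as_hex("pubKeyHash") == spki_sha256_hex,
    }
```

The decoded issuer comes out in the order CN, O, C, the same order `openssl verify` prints for depth=2 further down the thread.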

At first I thought that could be just a “page blocked” redirection host which mimics the domain, but no, this is a “legitimate” certificate issued for m.joyreactor.cc by the KZ intermediate certificate.

$ openssl verify -attime 1706797413 -CAfile kzall.crt -show_chain -verbose m-joyreactor-cc\(1\).pem 
m-joyreactor-cc(1).pem: OK
Chain:
depth=0: CN = m.joyreactor.cc (untrusted)
depth=1: C = KZ, O = ISCA, CN = Intermediate
depth=2: CN = Information Security Certification Authority, O = ISCA, C = KZ

I just came across this performance:

echo | openssl s_client -servername xakep.ru -connect xakep.ru:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates
issuer=C = KZ, O = ISCA, CN = Intermediate
subject=CN = xakep.ru
notBefore=Jul 22 10:41:04 2024 GMT
notAfter=Oct 20 10:41:03 2024 GMT

That is definitely a forgery; they actually have Let's Encrypt (US) there, not KZ.

issuer=C=US, O=Let's Encrypt, CN=E5
subject=CN=xakep.ru
notBefore=Jul 22 10:41:04 2024 GMT
notAfter=Oct 20 10:41:03 2024 GMT

Yes, that is the real certificate; on my end it is being substituted.

Yes, that's clear. Interesting that the date/time match exactly, one to one,
and there are some odd spaces in the certificate. A bug in their “generator”?
Everywhere I look it is written without spaces.

issuer=C=US, O=Let's Encrypt, CN=E5
subject=CN=ntc.party
issuer=C=US, O=Let's Encrypt, CN=R10
subject=CN=sber.ru

issuer=C = KZ
O = ISCA
CN = Intermediate
subject=CN = xakep.ru

It all looks normal to me, where are the extra spaces? By the way, the substitution has stopped.
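The comparison made by hand in the posts above, as an added example (not code from the thread): parse the `openssl x509 -noout -issuer -subject -dates` output from two vantage points, normalise the spacing around `=` so it does not count as a difference, and flag the case where subject and validity dates are identical but the issuer is not. The function names and result keys are assumptions; the two sample inputs are the outputs quoted in the thread.

```python
import re

# Output quoted in the thread: as served on the affected connection, and as served elsewhere.
SEEN_LOCALLY = """issuer=C = KZ, O = ISCA, CN = Intermediate
subject=CN = xakep.ru
notBefore=Jul 22 10:41:04 2024 GMT
notAfter=Oct 20 10:41:03 2024 GMT"""

SEEN_ELSEWHERE = """issuer=C=US, O=Let's Encrypt, CN=E5
subject=CN=xakep.ru
notBefore=Jul 22 10:41:04 2024 GMT
notAfter=Oct 20 10:41:03 2024 GMT"""


def parse_x509_text(text):
    """Parse `openssl x509 -noout -issuer -subject -dates` output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        value = value.strip()
        if key in ("issuer", "subject"):
            # "C = KZ" and "C=KZ" are the same name; both spacings appear in the thread.
            value = re.sub(r"\s*=\s*", "=", value)
        fields[key.strip()] = value
    return fields


def compare_vantage_points(local_text, reference_text):
    """Compare the certificate seen locally with one fetched from a reference network."""
    local, ref = parse_x509_text(local_text), parse_x509_text(reference_text)
    issuer_differs = local["issuer"] != ref["issuer"]
    same_leaf_fields = all(
        local[k] == ref[k] for k in ("subject", "notBefore", "notAfter")
    )
    return {
        "local_issuer": local["issuer"],
        "reference_issuer": ref["issuer"],
        "issuer_differs": issuer_differs,
        # Same subject and validity under a different issuer: the leaf was
        # re-signed with the original's fields copied, as noticed in the thread.
        "mirrored_leaf": issuer_differs and same_leaf_fields,
    }
```

A certificate renewed between the two fetches would show different dates as well, so the stronger check is to compare the leaf's SHA-256 fingerprints from both vantage points.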

OONI, Internet Freedom Kazakhstan (IFKZ), and Eurasian Digital Foundation have a new report on Kazakhstan that documents MITM using this latest “Information Security Certification Authority” certificate since 2021. They have a list of known affected domains and various intermediate certificates that have been seen. Their analysis ends in June 2024, so it doesn’t include your notBefore=Jul 22 10:41:04 2024 GMT, but it’s consistent with the pattern.

Specifically, OONI data from Kazakhstan shows that the following domains were targeted by TLS MITM attacks:

The specific intermediate certificate that we found to be signed by the latest root certificate has as common name “Information Security Certification Authority” and has an issuance date of 28 February 2020 and expiry date of 28 February 2050.

In OONI data collected from Kazakhstan between 2023 and 2024, we found 6 distinct intermediate certificates being used to carry out the TLS MITM. Each of these certificates has a relatively short duration period of validity of 75 days. This means that in order for the certificate chain to continue functioning properly, they would have to re-emit a new intermediate from their root CA at least every 74 days.

The specific intermediates we found in our data are the following:

What’s quite surprising from the above time ranges is that it’s quite apparent that there is a gap in between the renewal of the certificates. Based on OONI data, we were able to confirm that even if internet users in Kazakhstan were to have installed the root certificate, as directed by the government, they would still have received certificate validation errors between 2nd November 2011 and 9th August 2023. Shorter windows of invalidity for the certificate can be observed between 23rd October 2023 and 28th November 2023, and then between 11th February 2024 and 20th March 2024.

What can be seen from the chart below is that these intermediate certificates were spotted in the wild and being used to perform MITM even during periods of certificate invalidity.

This suggests that if users were to attempt to visit the sites affected by the MITM and had installed the root CA, they would still be getting an error.

It’s unclear to us why they went through the hassle of telling users to install the root CA, but then failed to keep the intermediates up to date in order to effectively carry out a MITM attack, even when users were fully compliant with government orders. We can only speculate that this is either due to some misconfiguration in the periodic renewal task (although for the first certificate we see the time window of invalidity is almost 2 years), or that for 3 times they forgot to renew their certificates on time.