Kazakhstan shut down its internet. These programmers opened a backdoor

0

With over 60,000 followers on Telegram and nearly 20,000 on Instagram, Narikbi Maksut was used to a constant flurry of notifications. When his phone went silent, he knew something was wrong.

“At first I thought they just blocked the internet, but they literally turned it off,” said Maksut, an IT specialist in the Netherlands. “That’s when I started to panic.”

Protests against a fuel price hike in early January began to spread across Kazakhstan, where Maksut is from. He had been livestreaming on Instagram with friends during the protests, keeping in touch with loved ones and closely monitoring events unfolding in one of the worst bloodshed in the country’s 30 years of independence.

Kazakhstan’s internet shutdown followed what experts ominously call a circuit breaker pattern. Equipment that connects to the Internet has been turned off manually by telecommunications companies, in this case by order of the government.

Network connections can be disconnected or rerouted in such a way that they become unusable. Seen most recently in Burkina Faso, this is particularly feasible in countries where a few telecom companies have a monopoly. “Kazakhstan is a huge country, but it has only 30 service providers,” said Mikhail Klimarev of the Internet Defense Society. For comparison, Russia has about 3,500, although that number is declining. You can only turn off the Internet when there is a monopoly.

Then Kazakhstan pressed the circuit breaker. For five consecutive days, the government shut down the internet. Although this is an unprecedented decision by the authorities in Kazakhstan, the government is a dictatorship and its monopolistic control over telecommunications is enshrined in law. While parts of the huge country – the size of Western Europe – were able to remain partially connected, residents of the largest city, Almaty, were plunged into a total blackout: wired and mobile internet cut off , and sometimes landline service, too.

What Maksut and a group of his friends did next, however, is a valuable case study in how to survive an internet blackout – a tactic increasingly used by authoritarians around the world. The success of these programmers in setting up nearly 40 proxy servers in a matter of days on a shoestring budget speaks to the dilemma faced by old-school authoritarian regimes like Kazakhstan: a growing, tech-savvy middle class with knowledge -how to overcome the digital tools of authoritarianism. Based on user traffic provided by Telegram, Maksut estimates the group brought between 300,000 and 500,000 people online on the messaging app during the five-day shutdown.

Like Belarus, where censorship and shutdowns are also favored tools for crushing dissent, Kazakhstan has a thriving IT sector with experts employed at the world’s leading tech companies. Maksut, a programmer at Booking.com in Amsterdam, sent a call on his Telegram channel when he saw that Kazakhstan was offline. Twenty expatriate Kazakhs responded. They work in offices such as Meta in London, Amazon in Luxembourg, Google in Zurich, all trying to reach family members in Kazakhstan.

From Zharaskhan Aman’s Telegram channel, https://t.me/hypezhora

Over the next few days, the loosely organized group set up dozens of proxy servers, first for Telegram, then even for internet browsers like Firefox. Maksut admits that their users’ estimates are not accurate; not all had the chance to collect data. But more recently, on January 19, Zharaskhan Aman, a software engineer at Facebook in London, rounded up some of the numbers he got from Telegram analysis showing that the 9 servers he created alone numbered 155,762. Kazakhstan users between January 4 and January 11. I didn’t expect such a flow of people, some of them didn’t even know what a proxy was,” Aman said.

When they realized there was a way to get through the internet blackout in Kazakhstan, they came up with an ambitious plan. “I realized then that we could expand that,” Maksut said. “Expand it to bring an entire city, all of Almaty, back online on Telegram.”

Certainly, internet connectivity experts and those who monitor internet outages say that what programmers have accomplished is not scalable and beyond the reach of the millions of daily low-tech internet users that are taken offline during outages. Data from NetBlocks, a London-based global internet monitor, shows how effective this blackout was, with internet traffic dropping from 100% connectivity to 2% on January 5.

The graph below shows that traffic slowly increased over the next few days, with authorities restoring connections at times before lifting the blackout on January 11.

“Of course, you can’t say that they provided a connection to all of Kazakhstan. For the ordinary user, it was not just complicated, it was super complicated,” said Mikhail Klimarev, director of the Society for Internet Defense. “I’m not saying anything against them, they’re great guys and they did things exactly the way they should: people have to research like that. And if the stop had continued, it is possible that what they did was in demand.

Nevertheless, the frequency of global shutdowns grows exponentially and Coda spoke to four of the programmers to figure out how it worked.

A senior software engineer at LinkedIn in Toronto, Maksat Kadyrov sprang into action when he lost contact with his brother in Almaty. He went live on Instagram, looking to crowdsource a way to reach his family. Surprisingly, a few IT people in Kazakhstan were able to log in and report that four or five of their VPNs were still working inside the country. “If the internet is blocked, it shouldn’t work,” Kadyrov recalls. “It violates the whole logic of an internet outage.”

Already in contact with Maksut, Kadyrov and a handful of other specialists realized that this must mean there were cracks in the blackout that could be exploited, a backdoor still open to internet traffic. Says Kadyrov: “It was as if the internet hadn’t been turned off after all, but a curtain had been draped, with a few bursts of light still shining.”

Kadyrov went in search of any ports that still worked, joining others as he worked. Computer network ports act almost like mail sorting tubes, directing data where it needs to go. He streamed Instagram live for hours as they scanned some of the more than 65,000 ports. During the live stream, they found five open ports, tested them, and were able to establish a connection. They later learned that it was a bug in outdated Cisco equipment, widely used by Kazakh telecom operators, that had accidentally left these ports open. Kadyrov, Maksut and the others have used these open ports to support their operations, raising funds or paying the cloud computing bill themselves from service providers such as Digital Ocean and Amazon.

Sharing connection instructions via Telegram, email and SMS, group members said they were overwhelmed by demand. Within 24 hours, Kadyrov said he received more than 2,000 requests to access his servers, which he sent one by one. Maksut was also inundated with access requests: “They’ve gone like hot cakes.”

Almaty, January 12. Pavel Pavlov/Anadolu Agency via Getty Images.
Almaty, January 12. Pavel Pavlov/Anadolu Agency via Getty Images.
Almaty, January 11. Pavel Pavlov/Anadolu Agency via Getty Images.

Previous

Following

For those outside the country, the entire blackout was baffling. Just when reports of chaos, gunfire and an ongoing terrorist attack made international headlines, the messages ceased airing. The calls just don’t go through. For the nearly 19 million people living in Kazakhstan, the chaos was far more immediate. Loudspeakers in city centers, remnants of the Soviet past, were used to broadcast ominous messages asking residents to stay indoors and away from windows, with no further context given. TV stations and even radio shows either stuck to entertainment programming or just didn’t work.

Over the next five days, internet connections were restored periodically, in some cases related to certain government announcements. People were able to make calls again. The government’s official message was that a mass terrorist attack, largely carried out by foreigners, was underway across the country. The authorities have presented little evidence to back up their claims, while dozens of protest activists and supporters were detained, with some reporting being beaten and tortured in jails.

In response to government statements, opinions within the VPN group had split on what to do next. Kadyrov shut down his VPNs. “My position was that it was important to stand with the government against these terrorists. Then I saw that people were starting to use my VPNs for torrenting and mining bitcoin. I said, ‘Thank you all, I’m out.’

Others, like Maksut, kept their VPNs on, thinking that if there really was a sophisticated terrorist attack going on, they weren’t waiting to use his VPN connection to communicate, especially since the periodic throttling during protests have been a common practice for years in Kazakhstan. . The priority was to keep people informed.

“People died because they had no information or connection,” said Aman, the engineer in London. Over the next few weeks, dozens of stories emerged from life in an information void where many continued unaware of the violence. A 12 year old boy would have been killed by a stray bullet walking to buy bread with his mother; a four-year-old girl was shot dead when her father drove into the city center with his three children, directly into a gunfight.

“There’s really no benefit to a shutdown,” said Natalia Krapiva, technology legal counsel at Access Now. “It doesn’t help governments maintain security, it doesn’t help them maintain order, it doesn’t help misinformation spread, it’s actually the opposite: shutdowns are usually associated with more of violence. People end up with every bit of rumor they can find.

Supported by the Russian language news exchange

Share.

Comments are closed.