Internet users across Kazakhstan have complained about network failures since the end of September and, while the government blames hackers, experts believe the country’s dependence on Russian infrastructure is at the root of the problem.
STS, the technical department of the Committee for National Security, said it recorded around 20 million cyberattacks in September. In a statement, STS claims to have used the local Cybershield protection system to repel malicious traffic and malware. The government believes that the attacks are linked to the elections, scheduled for November 20.
Restricting access to “problematic” websites is one of the most common methods of internet censorship, said Baurzhan Rakhmetov, assistant professor at the International School of Economics at KazGUU University in Astana. If the government believes that independent resources or opposition sites, as well as certain social media users, could incite popular rallies or demonstrations, they can become the targets of cyberattacks.
“In Kazakhstan, websites are blocked all the time, and in a systematic way. Restricting websites or jamming internet connection has been an established practice for at least two decades. In 2000, when only around 1% of Kazakhstanis had access to the internet, one news websites that published articles about corruption scandals related to the country’s leadership was blocked. Since then, the authorities have monitored internet publications and restricted freedom in the cyberspace,” Rakhmetov told Vlast.
Around election time, as the population becomes more active, website blocking increases.
“This is common practice around the world, not just in Kazakhstan. At the time of elections, internet failures and lack of access to social media are not accidental: The authorities closely monitor online content that could spread unwelcome information. We saw this dynamic unfold during the June 2019 presidential elections and shortly before the parliamentary elections of 2021. During this presidential campaign, we are seeing the same,” the political scientist added.
Distributed denial of service (DDoS) are among the most common cyberattacks in Kazakhstan, according to official data. Attackers use bots to flood a website with requests, essentially clogging access and causing its “collapse.” This practice is simple to implement and difficult to prevent, which makes them a common measure that states use to censor media, journalists, and politicians, Rakhmetov said.
Yelzhan Kabyshev, lawyer and director of the “Digital Paradigm” foundation, said that most of the existing infrastructure in Kazakhstan depends on accessibility through the Russian territory. In addition, the legal framework and law enforcement practice in Kazakhstan contribute to a worsening environment for internet freedom.
“The laws establishing the reasons for denying access to internet resources or social media are vague. The categories of extremism, terrorism or pornography can be applied arbitrarily,” Kabyshev said.
Blockages can occur without a notification: A website would just fail to open and leave the owners wondering whether it was an attack or it came from law enforcement.
“In most cases, website owners are not notified by the authorities. Opening a website in Kazakhstan equates to establishing a media source, and therefore the Ministry of Information and Social Development should be in charge of this,” Kabyshev told Vlast.
Talgat Nurlybayev, director of the Kazakhstani chapter of the NGO Internet Society, said that several websites were blocked in Kazakhstan despite not having a direct link to politics.
“Politically-motivated blockages intensify before the elections. In addition, attacks on the Russian infrastructure have occurred with increased frequency since the start of the war with Ukraine, because almost the entire global hacker community has taken Ukraine’s side. And in Kazakhstan, the technical staff working at the STS lacks qualifications,” Nurlybayev said.
Attacks on Russia’s physical IT infrastructure directly affect Kazakhstan’s access to the internet, thus the STS haphazardly blocks entire bundles of IP addresses.
“We need to build alternative routes for internet traffic. At least 95% of our traffic passes through Russian infrastructure. It is obvious that having alternative links is better. Just like with the Caspian Pipeline Consortium (an oil pipeline from Kazakhstan to Russia’s Black Sea port of Novorossiysk - ed.), we depend on an unreliable partner. If Russia is under attack, we also suffer because the STS is activated,” said Nurlybayev.
“It’s difficult to differentiate DDoS traffic from regular internet activity, and our guys are not good at it.”