Central Asian Cyber Security

The fight against Internet crime must not undermine good governance

NURIA KUTNAEVA/INDEPENDENT RESEARCHER, KYRGYZ REPUBLIC

After obtaining independence in 1991, Kazakhstan, the Kyrgyz Republic, Tajikistan, Turkmenistan and Uzbekistan — all facing completely new challenges and threats to their national securities — each chose different paths for political, social and economic development. Border security, religious extremism, drug trafficking, corruption and political turbulence have been longstanding problems in Central Asian states, but a new challenge has surfaced in the past decade: crime involving high technology and the Internet.

Cyber security is closely connected to the spread of the Internet, which is growing throughout the Central Asian states (CAS), despite varying connection speeds. In terms of Internet speed, Kazakhstan was ranked 58th out of 188 countries in February 2014, Tajikistan was 66th, the Kyrgyz Republic was 81st and Uzbekistan was 171st, according to Ookla, a company that tests broadband speeds every 30 days. The average download speed in the European Union was rated as much faster.

TO GO WITH AFP STORY by Anton Lomov Children enjoy computers in a computer centre in Ashgabat on July 22, 2013. Turkmenistan, an energy-rich Central Asian nation bordering Afghanistan and Iran, was for two decades ruled by dictator Saparmurat Niyazov, best remembered for his bizarre personality cult complete with gold statues, his own philosophy book and deep suspicion of cyberspace. After his death in 2007, the country has taken cautious steps to dismantle his legacy. The first two Internet cafes opened in Ashgabat two days after the inauguration of the new president, Gurbanguly Berdymukhamedov. AFP PHOTO / IGOR SASIN (Photo credit should read IGOR SASIN/AFP/Getty Images)

Children use computers in Ashgabat, Turkmenistan. President Gurbanguly Berdimuhamedow has broadened the country’s use of the Internet since his inauguration in 2007. AFP/Getty Images

In 2010, Kazakhstan had the highest rate of infected computers and spam traffic among the five Central Asian states (85 percent). And in 2013, 92 percent of Kazakh organizations experienced at least one cyber attack. This was likely due to the large number of Internet users and Kazakhstan’s attractive financial state. Kazakhstan was followed by Uzbekistan with 8 percent and the Kyrgyz Republic with 4 percent of infected computers. Tajikistan (1 percent) and Turkmenistan (2 percent) had the lowest percentages of infected and spammed computers.

Cyber crime in CAS

Cyber crime falls into three major categories in Central Asia: hooliganism, hacktivism and cyber fraud. Cyber hooliganism implies “muscle-flexing” — done by young, talented hackers who want to prove to colleagues how easily they can disrupt a system. On July 19, 2010, a 14-year-old boy from Russia and his friends hacked into the website of the National Space Agency of Kazakhstan by creating a user account with administrator rights. The boy argued that the developers did not sufficiently protect the portal. “What we did is, of course, illegal,” the boy said in justification. “But on the Kazakhstani website, we created a topic where we indicated where its vulnerability is.”

Since the Internet is a symbol of globalization, hackers become comfortable operating internationally. The Central Asian states suspect they are victims of foreign hackers because the defaced or cracked websites are sometimes left with images of foreign flags and inscriptions. However, the origin is unknown. Hackers often redirect attacks to hide their identity or to pin the blame on others, cyber security specialist Oleg Demidov of the PIR Center in Moscow points out.

For example, from 2012 to 2013, several Kyrgyz government sites were vandalized by hackers believed to be from Turkey and Estonia. In 2012, a hacker from Turkey changed the passwords to many Kazakh websites. In 2013, a Southeast Asian team hacked nine Kazakh legal websites.

Competition and revenge are often motivators. In 2011 a Kazakh website selling cars was hit with severe distributed denial-of-service (DDoS) attacks. Owners of the site concluded that revenge was the motive because site administrators had declared war against fraudsters who had tried to sell cheap cars through their site.

Hacktivism, the act of hacking or breaking into a computer system for political or social reasons, occurs frequently in Central Asia. As Ty McCormick, editor at Foreign Policy magazine, put it: “If there’s one thing that unites hacktivists across multiple generations, its dedication to the idea that information on the Internet should be free — a first principle that has not infrequently put them at odds with corporations and governments the world over.”

Hacktivists in Central Asia are frequently individuals or groups of information technology specialists whose main motivation is political: They want to bring an issue to the attention of their government. An Uzbek case from early 2013 is illustrative: There were two defacing attacks on the official website of the national television and radio broadcasting company of Uzbekistan, MTRK. Uzbek hackers, calling themselves “Clone-Security,” made a public statement that criticized their government. The same hacking team was responsible for defacing the Ministry of Healthcare’s website in 2012 because it disagreed with a government policy.

graph1enggraph2engThis group also has foreign policy ambitions. In February 2013, it launched attacks against Kyrgyz government and public websites: the Ministry of Internal Affairs, the Anti-Terrorist Center, the State Committee of National Security and the Supreme Court.

Cyber fraud is cyber crime committed in the financial sphere. For example, in 2009, a 20-year-old Kazakh IT specialist hacked into the computer system of a Kazakh bank and transferred $1 million to his bank account. He fled to Moscow, where Russian police arrested him after he attempted to withdraw the money.

Governmental institutions are not exempt from fraudsters, nor are nonfinancial businesses. In a case of cyber extortion, in March 2012, the owner of a Kyrgyz entertainment website suffered several days of DDoS attacks. A hacker sent a blackmail message warning that the attacks would continue if the owner didn’t pay. In Tajikistan, in December 2013, the court convicted three cyber criminals who converted international calls into internal calls and stole the rate difference.

Government agencies confront cyber challenges

Sometimes CAS governments block access to pro-opposition websites by organizing DDoS attacks against them, producing a considerable challenge to Central Asian societies. Although these accomplish the governments’ short-term goals, they undermine good governance by stopping people from sharing information and from peacefully expressing their views and opinions.

However, governments may find their resources more useful in operations and efforts aimed at confronting cyber crime and threats to critical infrastructure. There are already quite a few examples of these successful efforts. Special units inside ministries of internal affairs pay close attention to cyber crimes. For example, the “K” Department established in the Ministry of Internal Affairs of Kazakhstan in April 2003 contends with a wide range of crimes connected with computer and Internet technology, including cyber bullying, counterfeit DVDs, the spread of information promoting extremism, terrorism, cruelty and violence, and child pornography. In 2006, Kazakh authorities established the National Contact Point to fight IT crime and to exchange information with the Commonwealth of Independent States and foreign partners.

In the Kyrgyz Republic, a group focusing on cyber threats was established inside the Ninth Main Directorate of the Ministry of Internal Affairs in 2009. Its main objective is to search for the online presence of extremist organizations, such as Hizb ut-Tahir. In Tajikistan, cyber criminals were recently caught by the Directorate for Combating Organized Crime.

Other governmental entities specializing in communications and technologies also are responsible for meeting cyber threats. This is the case in Uzbekistan, where the Computer Emergency Response Team was started in 2005. And in September 2013, the Information Security Center was launched within the State Committee of Communication, Information System Development and Telecommunication Technologies. In Tajikistan, the government communications service is very powerful and reportedly blocked dozens of sites in 2012 and 2013.

Responding to cyber threats

Realizing that defending against cyber threats demands cooperation with other international stakeholders, regional leaders have raised issues of information security within the framework of regional organizations. At the summit of the Shanghai Cooperation Organization (SCO) in 2006, heads of member states signed the Declaration on International Information Security. In 2009, participants in the SCO summit in Yekaterinburg, Russia, adopted the Yekaterinburg Declaration, which underscores the urgent need to respond to cyber threats. In the SCO, information security was deemed as important as national sovereignty, national security, and social and economic stability.

At the 2013 SCO summit, in Bishkek, Kazakh President Nursultan Nazarbayev stated that his country supported the improvement of activities within the SCO Regional Anti-Terrorist Structure. We “welcome the first meeting of experts on cyber terrorism held in June of this year in Tashkent.” To counter information threats, it was decided to establish from SCO member states an expert group on international information security.

In 2010, the Collective Security Treaty Organization (CSTO) adopted the Regulation on Cooperation in the Field of Information Security. The purpose is to create an institutional and legal framework for cooperation among the members of the organization. CSTO performs a range of operations called “Countering Criminals in Information.” Its main objective is to combat cyber crime in member states and to counteract prohibited information on the Internet relating to extremism, terrorism, pornography and information that can cause political damage to states’ interests. For example, during operations in 2009 and 2010, more than 2,000 websites were identified as inciting ethnic and religious hatred, and more than 600 sites were suspended. During an operation conducted in 2013 in the southern Kyrgyz Republic, about a dozen sites were accused of recruiting terrorists and inciting interethnic dissention.

In September 2011, SCO states that included China, Russia, Tajikistan and Uzbekistan submitted a draft resolution to the United Nations General Assembly on information security. The International Code of Conduct for Information Security proposed the regulation of state actions in cyberspace. Rules also called for U.N. member states to cooperate in combating criminal, terrorist and extremist activities with the use of information resources, and any activity that “undermines other countries’ political, economic and social stability, as well as their spiritual and cultural environment.”

The rules specify that it is unacceptable to use information and communication technologies in a manner contrary to international security. The document sends three interesting messages. First, it declares that a threat with an unknown origin needs to be addressed. This threat may come from nonstate actors or other states. In fact, the rules identify “three evils”: terrorism, secession and extremism, in line with the ability of other countries via information technologies “to carry out hostile activities or acts of aggression, pose threats to international peace and security or proliferate information weapons or related technologies.” Second, the document confirms the right of every state to control and monitor Internet technologies on their territories: “to reaffirm all the rights and responsibilities of States to protect, in accordance with relevant laws and regulations, their information space and critical information infrastructure from threats, disturbance, attack and sabotage.” Third, it stipulates that cooperation between state and private companies is essential to combat cyber threats.

Conclusion

In the past decade, aside from economic, social and political challenges, Central Asian states had to contend with a threat no one expected back in 1991. Internet use has grown so fast in recent years that government authorities could not accommodate their responses to it adequately. Therefore, they reached for solutions based on familiar practices in the political and social spheres — by blocking Internet providers, obstructing websites and tampering with Internet connection speeds.

At the moment, Central Asian states are confronted mostly with threats coming only from the lowest levels of cyber crime — hooliganism, hacktivism and cyber fraud. However, in such a turbulent region, threats of cyber terrorism and cyber warfare should not be underestimated. Therefore, Central Asian leaders must take active steps to protect their own critical information infrastructure.

Finally, declaratory statements and intentions to cooperate in cyberspace are made within the framework of
Central Asian regional organizations. Identifying sites with extremist and terrorist content in each other’s national domains is a great idea. However, it is a big question whether more in-depth cooperation is possible. It requires trust, and there should be a joint understanding of information security concepts. Over time, understanding will grow on this issue, and Central Asian states will move in a good democratic direction.