Kazakhstan shut down its internet. These programmers opened a backdoor
The internet blackout fueled fear, panic and even deaths. Thousands of people in Kazakhstan were able to get online thanks to a crusading band of expat technologists.
With over 60,000 subscribers on Telegram and close to 20,000 on Instagram, Narikbi Maksut was used to a constant flurry of notifications. When his phone went silent, he knew something had gone wrong.
“At first I thought they had just blocked the internet, but they had literally turned it off,” said Maksut, an IT specialist in the Netherlands. “That’s when I started to panic.”
Demonstrations over a hike in fuel prices in early January started to spread across Kazakhstan, where Maksut is from. He had been live streaming on Instagram with friends at the demonstrations, staying in touch with relatives and keeping close watch as events unraveled into some of the worst bloodshed in the country’s 30 years of independence.
Kazakhstan’s internet shutdown followed what experts ominously refer to as a kill switch model. The equipment that connects the internet was manually turned off by telecommunication companies, in this case by government order.
Network connections can be disconnected or re-routed in such a way that they become unusable. Seen most recently in Burkina Faso, this is especially achievable in countries where a few telecommunication companies have a monopoly. “Kazakhstan is a massive country yet it has just 30 service providers,” explained Mikhail Kilmarev, from the Society for the Defense of the Internet. “For comparison, Russia has about 3,500, though this number is going down. You can only turn off the internet when there is a monopoly.”
Then Kazakhstan hit the kill switch. Over five straight days, the government shut down the internet. Although an unprecedented move by Kazakhstan authorities, the government is a dictatorship, and its monopolistic control over telecommunications is enshrined by law. While some regions across the huge country — the size of western Europe — were able to stay partially online, residents in the largest city, Almaty, were plunged into a total blackout: both wired and mobile internet turned off, and sometimes landline telephone service, too.
What Maksut and a group of his friends did next, however, is a valuable case study on how to survive an internet blackout — an increasingly go-to tactic for authoritarians worldwide. The success of these programmers to set up close to 40 proxy servers over a few days on a shoestring budget speaks to the dilemma facing old-school authoritarian regimes like Kazakhstan: a growing tech-savvy middle class with the know-how to overcome the digital tools of authoritarianism. Based on user traffic provided by Telegram, Maksut estimates the group got between 300,000 to 500,000 people online on the message app during the five-day shutdown.
Like Belarus, where censorship and shutdowns are also favored tools for squashing dissent, Kazakhstan has a flourishing IT sector with experts employed at leading global tech companies. Maksut, a programmer at Booking.com in Amsterdam, sent out a call on his Telegram channel when he saw Kazakhstan had gone offline. About 20 expat Kazakhs answered. They work at offices such as Meta in London, Amazon in Luxemburg, Google in Zurich, all trying to reach their family members in Kazakhstan.
Over the next few days, the loosely organized group set up dozens of proxy servers — first for Telegram and later even for internet browsers like Firefox. Maksut admits their user estimates aren’t exact; not all of them had a chance to collect data. But more recently, on January 19, Zharaskhan Aman, a software engineer at Facebook in London, rounded up some of the numbers he had from Telegram analytics showing that the 9 servers he raised alone had 155,762 users from Kazakhstan between January 4 and 11. “I didn’t expect such a flow of people, some of them didn’t even know what a proxy was,” said Aman.
When they realized that there was a way through Kazakhstan’s internet blackout, they formed an ambitious plan. “I realized at that moment that we can scale this up,” Maksut said. “Scale it up to get an entire city, all of Almaty, back online on Telegram.”
To be sure, experts on internet connectivity and those monitoring internet blackouts say what the programmers accomplished is not scalable and is out of reach for the millions of low-tech, everyday internet users knocked offline during blackouts. Data from NetBlocks, a London-based global internet monitor, shows just how effective this particular blackout was, with internet traffic plummeting from 100% connectivity to 2% on January 5.
The graph below does show that traffic slowly rose over the next few days, with authorities restoring connections at select times before lifting the blackout on January 11.
“Of course you can’t say that they supplied all of Kazakhstan with a connection. For the ordinary user, it wasn’t just complicated, it was super complicated,” said Mikhail Klimarev, director of the Society for the Defense of the Internet. “I’m not saying anything against them, they are great guys and did things exactly the way they should: people have to do research like this. And if the shutdown had continued, it’s possible what they made would be in demand.”
Nevertheless, the frequency of global shutdowns is growing exponentially and Coda spoke to four of the programmers to understand how it worked.
A senior software engineer at LinkedIn in Toronto, Maksat Kadyrov jumped into action when he lost touch with his brother in Almaty. He went live on Instagram, looking to crowdsource a way to reach his family. Surprisingly, a few IT specialists in Kazakhstan were able to connect and report that four or five of their VPNs were still working inside the country. “If the internet is blocked, this shouldn’t be working,” Kadyrov remembers thinking. “This violates the entire logic of an internet blackout.”
Already in touch with Maksut, Kadyrov and a handful of other specialists realized this must mean there were cracks in the blackout that could be exploited, a backdoor still open to internet traffic. Said Kadyrov: “It was as if the internet hadn’t been turned off after all, but a curtain had been draped over, with a few bits of light still shining through.”
Kadyrov went hunting for any ports that were still working, rallying with others as he worked. Ports in computer networking act almost as mail sorting tubes, directing data to where it should go. He live streamed on Instagram for hours as they scanned some of the more than 65,000 existing ports. During the live stream, they found five open ports, tested them and were able to establish a connection. They later learned that it was a bug in outdated Cisco equipment, used widely by Kazakh telecom operators, which had accidentally kept these ports open. Kadyrov, Maksut and the others used these open ports to support their operation, crowdsourcing funds or footing the cloud computing bill themselves from service providers like Digital Ocean and Amazon.
Sharing connection instructions by Telegram, email and text, members of the group said they were overwhelmed with demand. Within 24 hours Kadyrov said he had more than 2,000 requests for access to his servers, which he had been sending out one-by-one. Maksut was also overwhelmed with requests for access: “They went like hotcakes.”
For those outside the country, the totality of the blackout was unnerving. Just as reports of chaos, gunfire and an unfolding terrorist attack broke in international headlines, messages stopped delivering. Calls simply didn’t go through. For the nearly 19 million people living in Kazakhstan, the chaos was far more immediate. Loudspeakers in city centers, leftover remnants of the Soviet past, were used to broadcast ominous messages for residents to stay indoors and away from windows, no further context given. Television stations and even radio broadcasts stuck to entertainment programming or were simply not working.
Over the following five days, internet connections were restored periodically, in some cases tied to certain government announcements. People were able to place calls again. The government’s official messaging has been that a mass terrorist attack, largely led by foreigners, was underway across the country. Authorities have presented scant evidence to back up their claims, while scores of activists and supporters of the protest have been detained, some reporting beating and torture in prisons.
In response to the government’s pronouncements, opinions within the VPN group had split on what to do next. Kadyrov shut down his VPNs. “My position was that it was important to stand with the government against these terrorists. Then I saw people were starting to use my VPNs for Torrent and for mining bitcoin. I said, ‘Thanks everyone, I’m out.’”
Others, like Maksut, kept their VPNs going, reasoning that if there really was a sophisticated terrorist attack underway, they weren’t waiting around to use his VPN connection to communicate, especially as periodic throttling during protests have been common practice for years in Kazakhstan. The priority was to keep people informed.
“People died because they didn’t have information or a connection,” said Aman, the engineer in London. In the following weeks dozens of stories emerged of life in an information void where many carried on unaware of the violence. A 12-year-old boy was reportedly killed by a stray bullet while walking to buy bread with his mother; a four-year-old girl was shot dead when her father drove into the city center with his three children, straight into a shootout.
“There is really no benefit to a shutdown,” said Natalia Krapiva, tech legal counsel at Access Now. “It doesn’t help governments maintain security, it doesn’t help them maintain order, it doesn’t help misinformation from spreading, it’s actually the opposite: shutdowns are usually associated with more violence. People are left with whatever pieces of rumors they can find.”
Supported by the Russian-Language News Exchange
The story you just read is a small piece of a complex and an ever-changing storyline that Coda covers relentlessly and with singular focus. But we can’t do it without your help. Show your support for journalism that stays on the story by becoming a member today. Coda Story is a 501(c)3 U.S. non-profit. Your contribution to Coda Story is tax deductible.
The Big Idea
China's repression of journalists: no more borders, no more constraints
China's determination to silence journalists is the culmination of an authoritarian project that models a new level of global repression combining high-tech surveillance with traditional mafia tactics of threats against familyRead more
Why targeting ethnic minority journalists is central to China’s crackdown on the press
China’s crackdown on Uyghurs reaches the Arctic
China ordered a Uyghur journalist extradited to Xinjiang. His wife has taken to the Istanbul streets to stop it
China’s Global Dragnet
Immersive simulation attempts to pierce apathy over the Uyghur genocide
Threatened, harassed, punished: The Uyghur translators defying China to tell Xinjiang’s story