‘R.I.P’ was written four thousand times in the comments to the YouTube channel ‘Obozhayu’. The threats were addressed to the founder of the channel, Askhat Niyazov, who publishes his critical interviews, which do not let the akims (mayors) sleep peacefully at night. The threats first appeared in early 2024 and became the continuation of cyber-attacks against Kazakhstan media outlets that were launched at the end of 2023. What do journalists and bloggers do not to lose in this ‘digital war’?
Hackers vs. journalists
The business outlet Kursiv.Media reported an abnormally high number, over 1.3 billion – queries from bots that searched for number one on the website. This classic DDoD-attack was meant to take down the resource due to a great number of queries, which exceeded the network capacity. The website was unavailable from time to time because there were 400 times more queries than at a normal time.
The Instagram account of Kursiv.Media was blocked simultaneously, and nearly 90 thousand fake accounts (bots) were added to the Telegram channel. According to the media, the unknown persons repeatedly tried to hack the corporate mail and corporate servers.
The public account about budgetary expenditures ProTenge was attacked by hackers four times at the end of 2023 – early 2024. Bots sent mass complaints to the Instagram service about the content of ProTenge, which has 114 thousand followers.
“The unknown persons imitated Instagram violations, and the system responded by blocking the account. This type of Instagram reaction is actually a protective function for social media users (from unsuitable content – Editor’s note). Hackers used this protective function for their benefit. Luckily, we have managed to restore our website four times,” said Dzhamilia Maricheva, founder of ProTenge.
The Telegram channel ProTenge also was attacked by bots as they massively followed the channel and made insulting comments. However, bots were cleaned out.
At the end of 2023 and early 2024, the business media outlet Inbusiness.kz, news agency KazTAG, Telegram channel of Mikhail Kozachkov, TikTok account of media project Shishkin_like, created by journalist Dmitry Shishkin, were attacked by DDoS-attacks and bots. Thus, the website KazTAG was practically unavailable in Kazakhstan on February 13-14.
Journalists and experts share the opinion that cyber-attacks are a way of putting pressure on the media.
“The main reason of the increased number of cyber-attacks against journalists in Kazakhstan is an attempt to conceal information about corruption and violations of human rights in the country,” said Yelzhan Kabyshev, director of public foundation ‘DIGITAL PARADIGM’, member of the expert group on digital rights.
Not critically important
Massive cyber-attacks have prompted the media community to consolidate. December 21, 2023, Kursiv.Media initiated a roundtable discussion ‘Information security of the media: How to protect journalism from hackers’. Media representatives, public activists, IT specialists and experts took part in it. They decided to establish a task force to share practices in the field of cyber-security and create a database about attacks. The general ‘map of attacks’ can help identify attackers or the content that causes pained reaction of customers.
On January 12, 2024, the media that became the target of hackers filed a collective petition to the law enforcement bodies. Among the signatories were Kursiv.Media, Inbusiness.kz, Protenge.kz, Shishkin_like, AIRAN and project ‘Obozhayu’.
The petition was initially submitted to the National Security Committee (KNB). However, KNB officers failed to conduct an investigation. According to them, the information systems specified in the collective petition (namely websites, accounts in various social media) “are not on the list of critically important objects of the information and communication infrastructure of the Republic of Kazakhstan.”
“The investigation of the specified facts is out of the area of competence of national security agencies. At the same time, we recommend you to resort to the relevant bodies of internal affairs,” according to the KNB reply.
The lawyer of Kursiv.media Maksim Mostovich regrets that the petition was forwarded to the bodies of internal affairs, “KNB has very good technical capacity and specialists to identify a performer. It is clear that customers will hardly be found”.
Mostovich has little hope on the police. According to him, they have less technical capabilities than KNB.
“Now our petition is at the police station,” Mostovich said.
Dzhamilya Maricheva also has no illusions about the proper reaction of the law enforcement system to the massive cyber-attacks against journalists.
“It was important to report the fact of offences so that the relevant authorities would not say that we did not report the fact of cyber-attacks if the conflict escalated further,” Maricheva explained the need to make a collective petition.
Does the problem go beyond the media?
The situation, according to Maksim Mostovich, has revealed the key problem of the existing legislation. The state, namely KNB and its agencies, provides exceptional protection to critically important information and communication infrastructure facilities like ‘electronic government’ systems, banks, healthcare facilities. But the media is not on that list.
“Organisations that are on the list of critically important facilities are being helped – they deal with cyber-attacks, identify the source of attacks. And we are private media outlets and have to face cyber criminals as no one wants to deal with our problems,” Mostovich said.
According to him, the media must have the same protection as the facilities that are listed as critically important ones. Otherwise, it is not only the media but the entire society can become victims of cyber-attacks.
“Imagine what would happen if hackers start hacking media massively, publish fake news everywhere, call for the overthrow of power, incite interethnic, interreligious hatred. The problem should be seen at a larger scale and it should be solved at the legislative level,” said Maksim Mostovich.
Sergei Ponomarev, journalist and deputy of the Parliament of Kazakhstan, agrees with him. He wants to initiate the development of a law to counter cyber-attacks against the media. Ponomarev has already met with media representatives at Astana, the capital of Kazakhstan. Completed proposals regarding the new draft law should be submitted at the end of spring 2024.
Bagdat Musin, minister of digital development, also expressed support to journalists. He promised to figure out what was the source of cyber-attacks against the website and social media of Kursiv.media. According to him, earlier the ministry of digital development provided support to Orda.kz, which faced massive DDoS attacks in 2022. However, the ministry of digital development still fails to report the source of attacks against Kursiv.media.
According to Olzhas Satiev, president of the Centre for Analysis and Investigations of Cyber-Attacks (TSARKA), the state already has capacity to provide anti-DDoS services.
“But then people would think that journalists are loyal to the state as they are funded by it,” he indicated the reverse side of the problem.
Satiev also mentioned that cyber-security services are not cheap.
“A relevant specialist earns from 500 thousand tenge (1,100 dollars), anti-DDoS services cost millions tenge. Will the state allocate such sums for journalists only? To be honest, I don’t know,” the speaker said.
However, websites in the .kz domain space can already use webtotem.kz, a product that protects websites from cyber-attacks.
“You only have to fill in your application on webtotem.kz and get the free of charge service. The product works at the expense of the Committee for Information Security,” Olzhas Satiev said.
Illustration: Freepik.com
This publication was funded by the European Union. Its contents are the sole responsibility of IWPR and do not necessarily reflect the views of the European Union.