Kazakhstan’s security services are sounding the alarm about a possible increase in the volume of hacking attacks against domestic banks.
Oleg Bil, head of the cyber-defense department at the National Security Committee, or KNB, said at a conference on April 12 that lenders are failing to properly protect themselves against the risks. Many companies in Kazakhstan are reportedly reluctant to reveal when they are targeted for fear of damaging their reputation.
“Domestic banks are only saved by the fact that perpetrators are currently busy attacking small and poorly protected Russian financial institutions. And so the crooks have no need for now to attack relatively large Kazakhstani banks with reasonably good levels of protection,” Bil said a conference in Astana entitled SOC (Security Operations Center) Forum.
But Bil said there was no room for complacency and said the volume of attacks is bound to grow. Levels of cooperation between the KNB and large companies and state bodies are also less than satisfactory, he said.
Kazakhstan’s banks have been a recurrent target. Hackers have frequently cracked accounts, bank machines and payment terminals.
In late September, the KNB’s cybersecurity division revealed that the websites of several banks had been knocked offline by a distributed denial of service, or DDoS, attack.
“The attack was launched from overseas IP addresses, so we quickly informed the relevant cyber-reaction services in those countries,” the National Security Committee, or KNB, said in a statement at the time.
No details were provided about which banks had been targeted or where the attacks had come from. It soon emerged, however, that at least one of the banks was Qazkom, which posted an update on its Facebook page to warn customers of possible “delays in operations” and that the bank website might be temporarily unavailable.
If the banks themselves are more or less protected, regular clients are more vulnerable. Growing numbers of people rely on online services to top up mobile phone balances, transfer cash and pay for utilities, but awareness of risks is generally quite poor.
Despite the intense wave of hacks, banks are often reluctant to divulge the details publicly. The KNB has complained that lenders often resort to covering up incidents and decline to solicit assistance from the government to avoid harming their reputation as reliable financial-service providers.
One of the bolder ideas aired at the SOC Forum was to issue licenses to IT specialists authorizing them to carry out selected hacks.
“There are young guys interested in researching and studying vulnerabilities, probing resources, but under current legislation this is a very delicate area. You can end up being prosecuted under Article 205 of the Criminal Code on gaining unlawful access to information and being sent to jail,” said Ruslan Abdikalikov, deputy chairman of the Information Security Committee at the Defense Ministry. “On the contrary, we should give these people the chance to do this legally and we have considered such an option.”
In January 2017, President Nursultan Nazarbayev issued an order to create what was dubbed the Kazakhstan Cyber-Shield. The concept is to implement a range of policies to systematize national defenses against the prospect of attacks.
Nazarbayev has described the threat as existential.
“In the last three years alone, the volume of illegal online content has increased 40-fold. This means that we need a reliable cyber-shield for Kazakhstan. We cannot put off the creation of [this shield], we must protect the interests of our country, our culture and our values,” he told parliament in January.
As the president sees it, the dangers are posed to actors even more crucial to basic life than the banks.
“In today’s world, you don’t need to fight with planes and tanks. You can launch a virus and stop power plants and trains, and that’s that. You don’t need to fight or unleash troops,” he told the lawmakers.
Seen in the context of a recent shift in Kazakhstan’s military doctrine, such concerns could be interpreted as a reflection of anxieties about a threat close to home. The new doctrine adopted in September expresses concern over the possible deployment of “hybrid methods.” It also warns about separatist movements and cyberattacks, which cannot but be a reference to concerns of potential breakaway insurgencies emerging in the heavily ethnic Russian-inhabited northern regions of the country.
Such worries are not groundless.
Ukraine and Estonia, for instance, have both been subjected to sustained hacking attacks allegedly mounted by elements affiliated with or close to the Russian government at times of intense diplomatic tension.
Abdikalikov said Kazakhstan’s state entities were subjected 1 billion cyberattacks in 2016, but 20 billion last year.
These astronomic figures can be a little confusing though, as it not always clear exactly how a cyberattack is defined.
LS, a Kazakhstan-based portal focusing on financial news, reported in January, citing the KNB, that Kazakhstan had been targeted by 63,000 cyberattacks. The volume of incidents is rising at an alarming rate, officials say. If there were 18,000 incidents in 2015, the figures for the two following years were 21,000 and 25,000, respectively. Most of the attacks consist in malicious viruses being installed on victim’s devices to then generate spam and propagate DDoS attacks.