
The Threat of State-Level Surveillance Using HTTPS Interception
CFP Fellow Alexandra Dirksen examined how authoritarian efforts to gain control of network infrastructure domestically create the conditions that facilitate HTTPS interception—threatening the privacy of millions.
Resource Type: Research Reports, Working Paper
Key Findings:
- HTTPS interception is a realistic attack scenario in Russia, given the state’s resources, its political objective of controlling its digital infrastructure, and the digital infrastructure already within the state’s reach—namely the state-controlled Yandex browser, a domestic Certificate Authority (RTCA), and the sub-network within its borders.
- Russia’s investment in creating the conditions for mass state surveillance through HTTPS interception is a prime example of how governments may abuse their power to conduct mass surveillance in the digital space within their borders.
- The collected handshake data (the exchange needed to establish an HTTPS connection) reveals anomalies across geolocation and domain that have no meaningful technical explanation and could be further analyzed for signs of HTTPS interception.
- Yandex’s acceptance of the RTCA certificate could indicate a deliberate strategy to facilitate HTTPS interception. The observed replacement of a non-RTCA-issued certificate with an RTCA-issued one in Chrome indicates that specific requests within Russia’s internet infrastructure may be routed through intermediaries capable of substituting certificates; it may also indicate a centralized interception point at the ISP or national gateway level.
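The two findings above describe the kind of analysis a measurement study runs over handshake data: compare the certificate a domain presents at one vantage point with what the same domain presents elsewhere, and treat an unexplained change of issuer as a candidate for interception. The following script is an added example, not code from the report or its author. It assumes each measurement client logs the domain, its own country, the issuer of the leaf certificate and the SHA-256 of the leaf's public key (SPKI); the `Handshake` records, the issuer names and the fingerprints are constructed sample data.

```python
"""Flag possible certificate substitution in multi-vantage TLS handshake logs.

Added example. Each record is what a measurement client would log after a
TLS handshake: the domain contacted, the vantage point's country, the issuer
of the presented leaf certificate, and the SHA-256 of the leaf's
SubjectPublicKeyInfo. A domain whose issuer differs at one vantage from the
consensus seen elsewhere is a strong candidate for interception; a key change
under the same issuer is weaker evidence (CDNs and re-issues do that too).
All values below are constructed.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Handshake:
    domain: str
    vantage_country: str   # where the measuring client sat (ISO code)
    issuer: str            # issuer CN of the presented leaf certificate
    spki_sha256: str       # hex SHA-256 over the leaf's SubjectPublicKeyInfo


def consensus(values):
    """Most common value and its share of all observations."""
    counts = Counter(values)
    value, n = counts.most_common(1)[0]
    return value, n / sum(counts.values())


def find_substitutions(observations, min_share=0.5):
    """Return one tuple per deviating handshake:
    (domain, vantage_country, reason, observed_issuer, consensus_issuer)
    where reason is "issuer" (different CA than the majority view, high
    confidence) or "spki" (same CA, different key, low confidence).
    Domains with a single observation or without a clear majority issuer
    are skipped rather than guessed about.
    """
    by_domain = defaultdict(list)
    for h in observations:
        by_domain[h.domain].append(h)

    findings = []
    for domain, hs in by_domain.items():
        if len(hs) < 2:
            continue  # no second vantage to compare against
        base_issuer, share = consensus(h.issuer for h in hs)
        if share < min_share:
            continue  # no clear majority, e.g. a domain mid-migration
        base_spki, _ = consensus(h.spki_sha256 for h in hs)
        for h in hs:
            if h.issuer != base_issuer:
                findings.append((domain, h.vantage_country, "issuer",
                                 h.issuer, base_issuer))
            elif h.spki_sha256 != base_spki:
                findings.append((domain, h.vantage_country, "spki",
                                 h.issuer, base_issuer))
    return findings


# Constructed sample: the same domains observed from several countries.
SAMPLE = [
    Handshake("example.com", "DE", "Example Public CA", "aa" * 32),
    Handshake("example.com", "NL", "Example Public CA", "aa" * 32),
    Handshake("example.com", "US", "Example Public CA", "aa" * 32),
    Handshake("example.com", "RU", "Domestic Root CA (constructed)", "bb" * 32),
    Handshake("cdn.example.net", "DE", "Example Public CA", "cc" * 32),
    Handshake("cdn.example.net", "US", "Example Public CA", "dd" * 32),
    Handshake("cdn.example.net", "RU", "Example Public CA", "cc" * 32),
    Handshake("lonely.example.org", "RU", "Domestic Root CA (constructed)", "ee" * 32),
]

if __name__ == "__main__":
    for domain, country, reason, seen, expected in find_substitutions(SAMPLE):
        print(f"{domain}: vantage {country} saw issuer '{seen}' "
              f"(consensus '{expected}'), reason={reason}")
```

Run as a script it prints one high-confidence finding (a different issuer for `example.com` at one vantage) and one low-confidence key-only difference for the CDN domain, and says nothing about the domain seen from a single vantage. In a real study the next step is manual follow-up on the "issuer" findings: confirming that the substituted chain terminates in a root the browser trusts only because it ships or accepts that root, which is the Yandex/RTCA situation the finding above describes.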