How do providers implement Internet blocking in Belarus?

September 23, 2020

  • Qurium analyzes the blocking implemented by four different operators in Belarus
  • Belarus operators use their own infrastructure to implement the blocking
  • Block techniques include transparent web proxies, injection of HTTP responses, stateless and stateful SSL DPI and fake DNS responses

In August 2020, mass anti-government protests erupted in Belarus against the re-election of the president Alexander Lukashenko and the arrest of opposition political candidates. The Internet was shutdown several days and more than 80 websites, most of them news and political sites, were blocked. They still remain blocked.

Qurium Media Foundation, in collaboration with the Belarusian human rights organization Human Constanta, has been looking into some of the implementation details of the Internet blocking in Belarus, focusing on a few selected providers (Business Network, Beltelecom, A1 and MTS), to look deeper into the nature of the hardware used for the blocking and understand how it is working.

According to Qurium’s report, providers use their own infrastructure to implement the blocking and blocking is therefor not implemented on a central level. Some of the blocking techniques used include Domain Name System spoofing, transparent proxies with hijacked HTTPS certificates and Deep Packet Technology (DPI) implementations.

Qurium forensics report:  Internet blocking in Belarus

Digital forensics: Tord Lundström, Qurium Media Foundation
Media: Clara Zid, Qurium Media Foundation