Turkmenistan Entrusts Cyber Security to Unknown Company in Singapore

Turkmenistan’s infrastructure for cyber threat protection is built on the software of a company that no one has heard of, Indigo Software of Singapore. Indigo Software has many of the features of a rogue company. It uses the software of German company Rohde & Schwarz as a basis for its products. At the same time, after turkmen.news recently published a series of reports about the people responsible for blocking the Internet in Turkmenistan, our site was subject to a failed DDoS-attack. We are sure that the names we revealed from the Cyber Security Department at Turkmenistan’s National Security Ministry are behind the attack. The head of the department has been changed, meanwhile.

Turkmenistan works with Indigo Software for its cyber protection

Singapore connection

Turkmen.news has learnt from several sources that Turkmenistan’s entire infrastructure for protection from cyber threats is based on the products of Indigo Software. There is no mention of this company in the local media, nor in the confidential documents that turkmen.news has obtained. Indigo Software’s site says that the company’s software is designed for major applications, such as ensuring the security of communication systems in an entire country. It stresses that the company’s services include the possibility of “detailed monitoring and management of every attachment used by your subscribers and every URL address that they access.

At the same time no one in the professional community knows Indigo Software. Its contact details and address in Singapore appear to be fake. If you call the number given on its site — +65 3158 1070 — you will reach the company Wyden, a platform for cryptocurrency trading. There is no LinkedIn profile of the company nor profiles of any of its employees. Many well known cybersecurity products around the world have undergone public testing, but we did not manage to find any reference to testing of Indigo Software’s products.

Indigo software Turkmenistan

The protection of an entire country’s cyber security pretty much rests on the software of a company that no one knows and that has fake contact details on its website. Several separate sources told turkmen.news independently that Indigo Software’s products were promoted by Turkmen company Asman Oky, which develops apps and in parallel provides consultancy services on Internet restrictions to the Cyber Security Department. Asman Oky is reported to have generously rewarded Turkmen officials, including in the Cyber Security Department, for the opportunity to conclude a lucrative contract with the Singaporean company.

Indigo Software’s sole product is a firewall, i.e. a screen between networks that monitors and filters traffic passing through it in accordance with set parameters. This is what permits or prevents data to reach the computers of Turkmen users.

Any firewall uses a deep packet inspection filter. This is a technology that checks the content of network packets in order to regulate and filter traffic. It is used to let through some traffic as a priority or, the reverse, to block traffic. No specialists know the DPI from Indigo, just as they don’t know the company itself. This creates the impression that Turkmenistan’s Cyber Security Department is practically the only client using it.

Officially, Turkmenistan does not name the tools used by the Cyber Security Department nor the specialists involved in their customization. There is only sketchy information about this subject. In 2022 it emerged that Romanian company NTT DATA Romania S.A. was to supply special cyber security equipment to Turkmenistan for 29,401,506 euros. Several months before that the Extraordinary Commission to Combat Infectious Diseases had allowed specialists from Serbia, Israel, and Belarus to enter Turkmenistan in order to set up special equipment for the Ministry of National Security. NTT Data has an office in Serbia.

Response to publications and a new broom

Who is in charge of all this — until recently this wasn’t known for sure either. But in August 2023 turkmen.news found out that it is the Cyber Security Department at the National Security Ministry that blocks the Internet in Turkmenistan. Several years ago the department was hived off from the ministry’s Eighth Department, which is responsible for communications and encryption. Maksat Geldiyev, who had been head of the Eighth Department, was appointed head of the new unit. He later returned to the Eighth Department but as its deputy head, while his relative, Allanazar Kulnazarov, became head of the Cyber Security Department. But Geldiyev remained the leading figure restricting the Internet as he retained all his influence. The origin of that influence, audacity, and impudence is in the next turkmen.news articles.

As we have already reported, after publication of the high profile report Maksat Geldiyev came under considerable pressure from employees of the National Security Ministry’s own security department. In response he said he had been targeted and that it was turkmen.news that approached him and asked for money not to publish the article. Supposedly it was only after this that he got in touch with us and asked how much money we wanted. We hope that Geldiyev has at least some proof of his claims (screenshots or voice messages).

Meanwhile, soon after the first article about who was blocking the Turkmen Internet, Allanazar Kulnazarov was sacked, and Yaylym Berdiyev became head of the department — he was Turkmenistan’s minister of national security until 2020 when he was dismissed with the phrase “in connection with his transfer to other work.” It’s not known for certain where and in what capacity Berdiyev worked since his dismissal. One source said that as punishment for “missing” an attempted state coup in 2019, he had been “exiled” to work as an ordinary teacher in a secondary school in a remote village in Ahal region. Another source said that after his dismissal Berdiyev worked as a lecturer in the Border Institute. He could have worked in both places during that period.

Yaylym Berdiyev

In fall 2019 the minister of internal affairs, Isgender Mulikov, the deputy head of the presidential security service, Meylis Nobatov, the minister of trade, Amandurdy Ishanov, and influential businessman Charymuhammet Kulov were suddenly arrested in Ashgabat and sentenced to long prison terms. They were all formally tried and convicted under many articles of the criminal code, but in reality they were punished for an attempt to seize power.

A well-informed turkmen.news source in Ashgabat reported that Yaylym Berdiyev had been sent to the Cyber Security Department “to restore order.” It’s not yet known whether Internet restrictions will be eased. Berdiyev could as a minimum restore access to sites that were blocked for Turkmen citizens for no good reason. In recent years IP addresses have been blocked in whole subnets without regard for which sites are no longer accessible. It will be difficult for the new head to get to grips with this, as under Geldiyev all the competent specialists were sacked from the Cyber Security Department.

Massive revenge attacks on turkmen.news

Meanwhile, the reports on named individuals blocking the Internet caused substantial fallout in Turkmenistan. All the people we named were taken to the cleaner’s, and they are out for revenge. We published our first report on August 11, and exactly one week later we were subject to a massive DDoS attack using the infrastructure of American company Rayobyte, which specializes in online marketing and SEO, and also offers proxy server services. They tried, unsuccessfully, to take down the turkmen.news site using a chain of Rayobyte proxy servers, clearly to make it impossible to track everything to the end.  

The nature and time of the attack indicate that it was not made on behalf of a state or country’s leadership. The attack, which took place shortly after publication of the report on bad actors blocking the Internet, was beneficial purely to those people who have taken over the whole country’s Internet in their own commercial interests.

The World Wide Web in Turkmenistan is almost completely inaccessible as most of the world’s IP addresses are blocked. In order to gain unobstructed access to the Internet people pay huge bribes to Geldiyev and other bad actors in order to be whitelisted. Citizens on the list are provided with a VPN, though of course it’s not free. As a result unimpeded access to the Internet costs Turkmen users several thousand manats a month, i.e. more than the average monthly salary, and much more than the monthly Internet subscription.

The global Internet, as important in the modern world as a water pipeline or electricity grid, is a “toy for the rich” in Turkmenistan. And this is not even in the interests of the state but just so that corrupt people make money selling places on the whitelist.

It is known for certain that Turkmenistan’s senior leadership has not issued an instruction on a total shutdown of the Internet. This usually happens in countries in connection with wars, state coups, and uprisings, but there is nothing of the kind under way in Turkmenistan. It is highly likely that the president of the country and the chairman of the Halk Maslahaty (the upper house of parliament) are not even aware of the scale of the problem: restrictions are not applied to them, of course. The decision to cut the country off from the Internet was taken arbitrarily by the leaders of the Cyber Security Department in their own commercial interests. They think that President Serdar Berdimuhamedov is not very knowledgeable about modern technology so it is easy to hide the situation of ordinary Internet users from him. 

People hoped that the situation would improve with a young president, but it is under his presidency that the Cyber Security Department decided to take blocking to the limit. This has a negative impact on citizens’ perception of the head of state.