On Monday, GreatFire.org, a non-profit Chinese organization fighting for a more transparent Great Firewall of China, reported that Microsoft’s e-mail client, Outlook, was hacked. GreatFire.org also said that the Chinese government might have been behind the “man-in-the-middle” (MITM) attack.
A few weeks ago, the Chinese government chose to block Gmail access for all its citizens. Until late December, Gmail users could still reach the service through third-party clients that use the SMTP, IMAP and POP e-mail protocols, such as Microsoft Outlook or Apple Mail. After Christmas, Gmail could only be accessed via VPN services.
Recently, the Chinese government seems to have resorted to the MITM attack to be able to track the electronic conversations of Chinese internet users.
During a MITM attack, the hacker inserts himself between the internet user’s connection and the server, and can read or listen to their conversations while the victims of the attack continue to believe they are on a secure connection.
GreatFire reported that they learned about the attack when several users briefed them on the hack on January 17. According to the organization, only the e-mail protocols used by Outlook (IMAP and SMTP) were breached, while Microsoft’s webmail services were not.
The MITM lasted only one day and it hasn’t reoccurred since then.
The attack was successful because e-mail clients showed warning pop-ups that didn’t give as many details as a modern web browser would. For instance, the iPhone e-mail client told its users that it couldn’t verify the server’s identity, but asked them whether they wanted to continue anyway. By contrast, Mozilla’s Firefox browser gave webmail users a more detailed warning, telling them that by choosing to continue they might become victims of a cyberattack. Firefox also explained that the certificate was not to be trusted because it was self-signed.
So many e-mail client users dismissed the warning, thinking there was an error in the network. However, by hitting “continue”, they leaked their IDs, passwords and contacts to the hacker.
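The decision the e-mail clients got wrong above is shown here as an added example, written for this page and not taken from GreatFire.org, Microsoft or the incident itself. The Go program constructs a throwaway self-signed certificate for the made-up host name imap.example.test, serves it on a loopback port, and then connects twice: once as a client that verifies the chain against a trust store that does not contain the certificate (it refuses, reporting an unknown authority, which is the behaviour the Firefox warning reflects), and once as the “continue anyway” client that skips verification and connects regardless. It also runs the check behind the “self-signed” wording: issuer equals subject and the signature verifies with the certificate’s own key.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

type Outcome struct {
	LeafSelfSigned   bool // issuer == subject and the signature verifies with the cert's own key
	UnknownAuthority bool // verifying client refused: the issuer is not in its trust store
	AcceptedInsecure bool // "continue anyway" client connected regardless
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// selfSignedCert builds a throwaway self-signed certificate for host (a constructed stand-in, not the incident's).
func selfSignedCert(host string) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	// Signing the template with its own key (parent == template) is what makes it self-signed.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// isSelfSigned is the check behind a browser's "self-signed" wording.
func isSelfSigned(c *x509.Certificate) bool {
	return bytes.Equal(c.RawIssuer, c.RawSubject) &&
		c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
}

// serve answers TLS handshakes on a loopback port until the listener is closed.
func serve(cert tls.Certificate) net.Listener {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	must(err)
	go func() {
		for {
			conn, err := ln.Accept()
			if err != nil {
				return
			}
			_ = conn.(*tls.Conn).Handshake() // fails when the client rejects the cert; expected
			conn.Close()
		}
	}()
	return ln
}

// dial connects and hangs up straight away; only the handshake verdict matters.
func dial(addr string, cfg *tls.Config) error {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return err
	}
	return conn.Close()
}

// Run plays both client behaviours against one self-signed server.
func Run(host string) Outcome {
	cert := selfSignedCert(host)
	leaf, err := x509.ParseCertificate(cert.Certificate[0])
	must(err)
	ln := serve(cert)
	defer ln.Close()
	addr := ln.Addr().String()
	out := Outcome{LeafSelfSigned: isSelfSigned(leaf)}
	// 1. Verifying client: an empty trust store (so the verdict does not depend on the machine's roots); the only right answer is to refuse.
	err = dial(addr, &tls.Config{ServerName: host, RootCAs: x509.NewCertPool()})
	var unknown x509.UnknownAuthorityError
	out.UnknownAuthority = errors.As(err, &unknown)
	// 2. "Continue anyway": verification off, so the interception certificate is accepted and later credentials reach whoever holds its key.
	out.AcceptedInsecure = dial(addr, &tls.Config{ServerName: host, InsecureSkipVerify: true}) == nil
	return out
}

func main() {
	fmt.Printf("%+v\n", Run("imap.example.test")) // all three fields true
}
```

The empty root pool stands in for any trust store that lacks the interception certificate; a real client would use the system roots, and the verdict would be the same. The instructive part is that the verifying client does not get a yes-or-no prompt: verification returns a specific error (an issuer it does not trust) and the connection never opens, so nothing the user types afterwards can leak.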
GreatFire.org also reported that the self-signed certificate was very likely to belong to the CNNIC (China Internet Network Information Center), a governmental organization that monitors and censors the Internet in China. This is not the first time CNNIC has used such a method of spying on web communications.
Greatfire.org also urged Microsoft and Apple to “immediately revoke trust for the CNNIC certificate authority.”
“We once again suspect that Lu Wei and the Cyberspace Administration of China have orchestrated this attack or have willingly allowed the attack to happen,” wrote GreatFire.org on their website.