The Chinese government could be behind a cyberattack on Microsoft’s email system in China, according to GreatFire, a nonprofit that monitors censorship in China.
GreatFire believes the email site Outlook.com was subjected to a so-called man-in-the-middle attack, in which hackers insert themselves into systems to eavesdrop while relaying messages between users. The attack lasted most of Saturday, GreatFire said.
{mosads}Users in China trying to access their email received warnings that incoming messages could not be verified. But simply hitting “continue” allowed users to receive the malicious emails anyway, making the attack “especially devious,” GreatFire said.
“If users do click on the ‘continue’ button, then all of their emails, contacts and passwords will be logged by the attackers,” GreatFire reported.
According to the nonprofit, this is likely the Chinese government’s biggest surveillance effort since it reportedly infiltrated Apple’s iCloud. That incident garnered enough attention that Apple CEO Tim Cook discussed the hack directly with Chinese authorities.
The two attacks closely resemble one another, GreatFire said.
“If our accusation is correct, this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor,” GreatFire said.
Beijing has been dramatically escalating its Internet censorship and surveillance in recent months, according to analysts at GreatFire who monitor blocked websites and applications in the country.
The government blocked Gmail completely and also cut off the country’s access to the online banking for HSBC, the world’s second largest bank.
With the suspected Microsoft Outlook assault, GreatFire thinks the Chinese government is testing its cyber capabilities and the usefulness of man-in-the-middle attacks.
“The authorities may also be gauging user response,” the company said. “By keeping track of how many users ignore the certificate warnings, the authorities will be able to determine the effectiveness of this type of attack.”
— Updated 3:51 p.m.