Monday, 19 January 2015

Microsoft Outlook hacked following Gmail block in China

Online censorship watchdog Greatfire says that Microsoft was attacked over the weekend, causing havoc for Chinese users.


Microsoft Outlook Hacked


Microsoft's Outlook email service was subject to a cyberattack over the weekend, just weeks after Google's Gmail service was blocked in China.

On Monday, online censorship watchdog Greatfire.org said the organization received reports that Outlook was subject to a man-in-the-middle (MITM) attack in China. A MITM attack intrudes on online connections in order to monitor and control a channel, and may also be used to push connections into other areas -- for example, turning a user towards a malicious rather than legitimate website.

After testing, Greatfire says that IMAP and SMTP for Outlook were under a MITM attack, while the email service's web interfaces were not affected.

The attack, dubbed "especially devious" by Greatfire, involved a pop-up warning message in the email client. Unlike in the case of browser warnings, users are more likely to quickly click the "continue" button on the message without actually reading the message or considering risk factors -- potentially attributing the warning to a network issue instead and therefore nothing to be concerned about.

Once clicked upon, the user's emails, contacts and passwords could then be logged by the cyberattackers. According to Greatfire, the attack lasted for approximately a day and has stopped -- at least, for now.

According to a report in ZDNet, The cyberattack on Microsoft systems comes after recent MITM attacks which reportedly have taken place against Google, Yahoo and Apple in China. It is only weeks since Google's email client, Gmail, was blocked in the country well-known for its tough censorship laws. Since 26 December, Gmail users in China have been unable to access the service, even if they use a third-party service -- such as Outlook -- to access their messages. Currently, VPN circumvention of the block is the only way to use Gmail.

Outlook Hacked


Due to similarities between other reported MITM attacks, Greatfire has accused Lu Wei and the Cyberspace Administration of China (CAC) of orchestrating the attack, or having "willingly allowed the attack to happen."

"If our accusation is correct, this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor," the watchdog says.

Greatfire believes that as the China Internet Network Information Center (CNNIC) is directly governed by CAC, the organization should not be trusted by software providers such as Microsoft and Apple, and the firms in question should immediately revoke trust for the CNNIC certificate authority.

Also read:Surface Phone: Microsoft working on breakthrough Windows mobile

Blocks on foreign services have become increasingly common in China over the past few years. The "Great Firewall of China," as China's censorship mechanism is colloquially known, aims to shut down anyone who seeks freedom of speech to criticize the ruling Communist Party. Users of foreign services, such as Microsoft's Outlook or Gmail, are being forced to use local services instead -- which the Chinese government can monitor to weed out signs of dissent.


0 comments:

Post a Comment