China Authorities Attack Microsoft Outlook

Wednesday, February 4th, 2015

A few days after shutting down Google’s Gmail service in the country, the Chinese authorities have launched a daring cyber attack against another major email service, Microsoft Outlook. According to information released by online watchdog Greatfire.org, the Outlook service was targeted by a sophisticated man-in-the-middle (MITM) attack inside China for one full day. The attack was reportedly directed against the IMAP and SMTP protocols used by the Outlook service, so users relying on email clients (Outlook, mobile apps, Thunderbird, etc.) to access their accounts bore the brunt of the attack. However, the web interface of the service was not affected in any way.

The attack against Outlook comes against the backdrop of similar attacks against services offered by Google, Microsoft, Yahoo and Apple. While Gmail was blocked inside China in the last week of December, Apple’s iTunes service was subjected to a MITM attack just a few weeks back. This clearly demonstrates that the Chinese government will not hesitate to use questionable methods to monitor the online activities of its citizens and exert absolute control over the internet. If things continue like this, the day is not far off when China would be totally cut off from the global internet.

Greatfire termed the attack against Outlook “especially devious” since the hack was designed to steal data and user credentials stealthily. That’s because, unlike browsers that flash prominent security warnings whenever they come across malware-infested sites or compromised/expired security certificates, most email clients display barely noticeable error messages. What’s worse, since email clients are designed to run in the background, users are more likely to ignore the pop-up warning messages flashed by the software and click on the “Continue” button without thinking about the consequences. Additionally, since email clients are programmed to retrieve emails automatically from time to time, users may not take such warnings seriously because they did not initiate any action to fetch the messages. However, as soon as the user clicks on the “Continue” button, all of their messages, contact lists and passwords become available to the attackers. Microsoft, for its part, has confirmed the attack and said that a small number of Outlook users in China have been affected by malicious routing to a fake server.

Greatfire has advised Chinese users not to ignore warning messages (especially those related to expired or compromised certificates) issued by their email clients in order to remain safe from the MITM attacks perpetrated by the Chinese authorities. The watchdog has also urged software vendors, including Apple and Microsoft, not to trust security certificates issued by China’s Internet Network Information Center (CNNIC). Noting that CNNIC is part of the Cyberspace Administration of China and is well known for its questionable practices, including implementation of internet censorship as well as distribution of malware, Greatfire has warned vendors that since CNNIC has the capability to intercept encrypted communications, using the certificates issued by the authority to secure communications is not in the best interests of the companies or the end users.
