
On Monday, online censorship watchdog Greatfire.org said the organization received reports that Outlook was subject to a man-in-the-middle (MITM) attack in China. A MITM attack intrudes on an online connection in order to monitor and control the channel, and may also be used to redirect connections, for example steering a user to a malicious website instead of the legitimate one.
After testing, Greatfire says that IMAP and SMTP for Outlook were under a MITM attack, while the email service's web interfaces were not affected.
A screenshot of the attack is below:
The attack, dubbed "especially devious" by Greatfire, involved a pop-up warning message in the email client. Unlike with browser warnings, users are more likely to quickly click the "continue" button on such a message without actually reading it or considering the risk, attributing the warning instead to a network issue that is nothing to be concerned about.
Once the user clicks through, the attackers can log the user's emails, contacts and passwords.
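As an added illustration that is not part of the ZDNet report nor any Greatfire or Microsoft code: a Python IMAP client that keeps TLS chain and hostname verification switched on, so a certificate warning like the one described above ends the connection instead of offering a "continue" button, and that additionally refuses certificates issued by a CA the operator has chosen to distrust. The CA organisation string and the Outlook host name are assumptions for the example.

```python
import imaplib
import ssl

# Issuer organisations this client refuses to accept even if the OS trust store
# still contains them. The organisation string is an assumption for illustration.
DISTRUSTED_ISSUER_ORGS = {"China Internet Network Information Center"}

def _label_match(pattern, host):
    """RFC 6125-style name match: a '*' may only stand for the leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def cert_dns_names(cert):
    """DNS names the certificate is valid for, in ssl.getpeercert() dict form."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # fall back to the subject CN only when there is no SAN
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names

def issuer_orgs(cert):
    return {v for rdn in cert.get("issuer", ()) for k, v in rdn if k == "organizationName"}

def assess_peer_cert(cert, hostname, distrusted=DISTRUSTED_ISSUER_ORGS):
    """Return (accept, reason). Only the leaf's direct issuer is visible here,
    so a distrusted root hidden behind an intermediate is not caught by this check."""
    if not any(_label_match(n, hostname) for n in cert_dns_names(cert)):
        return False, f"certificate does not name {hostname}"
    bad = issuer_orgs(cert) & set(distrusted)
    if bad:
        return False, "issued by distrusted CA: " + ", ".join(sorted(bad))
    return True, "ok"

def connect_imap(host, port=993, distrusted=DISTRUSTED_ISSUER_ORGS):
    """Open IMAP over TLS with chain and hostname verification on; there is no
    'continue anyway' path, so an impersonating server never sees credentials."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    conn = imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
    accept, reason = assess_peer_cert(conn.sock.getpeercert(), host, distrusted)
    if not accept:
        conn.shutdown()
        raise ssl.SSLCertVerificationError(reason)
    return conn
```

`connect_imap("imap-mail.outlook.com")` (host name assumed) raises on any verification failure; the policy check is separated into `assess_peer_cert` so it can be exercised offline on certificate dictionaries.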
According to Greatfire, the attack lasted for approximately a day and has stopped -- at least, for now.
The cyberattack on Microsoft systems comes after recent MITM attacks which reportedly took place against Google, Yahoo and Apple in China. It is only weeks since Google's email service, Gmail, was blocked in the country, which is well known for its tough censorship laws. Since 26 December, Gmail users in China have been unable to access the service, even if they use a third-party client such as Outlook to retrieve their messages. Currently, circumventing the block with a VPN is the only way to use Gmail.
Because of similarities with other reported MITM attacks, Greatfire has accused Lu Wei and the Cyberspace Administration of China (CAC) of orchestrating the attack, or of having "willingly allowed the attack to happen."
"If our accusation is correct, this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor," the watchdog says.
Greatfire believes that as the China Internet Network Information Center (CNNIC) is directly governed by CAC, the organization should not be trusted by software providers such as Microsoft and Apple, and the firms in question should immediately revoke trust for the CNNIC certificate authority.
Blocks on foreign services have become increasingly common in China over the past few years. The "Great Firewall of China," as China's censorship mechanism is colloquially known, aims to silence anyone who uses free speech to criticize the ruling Communist Party. Users of foreign services, such as Microsoft's Outlook or Gmail, are being forced onto local services instead, which the Chinese government can monitor to weed out signs of dissent.
A Microsoft spokesman told ZDNet:
"We are aware of a small number of customers impacted by malicious routing to a server impersonating Outlook.com. If a customer sees a certificate warning, they should contact their Internet service provider for assistance."