Microsoft’s Outlook e-mail service has apparently been the victim of a cyberattack over the weekend, this time perpetrated by the Chinese government. The hack took the form of a man-in-the-middle (MITM) attack that would allow the government to monitor a user’s e-mail account, including login and password.

The news was first reported by Greatfire.org, an online watchdog group focused on providing information on Internet censorship in China. Greatfire said it first began receiving reports of the attack on Saturday. The report surfaced only a week after news that China had completely blocked access to Google’s Gmail system.

A Pattern of Attacks

The attack focused specifically on Outlook’s IMAP and SMTP connections. In other words, while users accessing their mail through the Outlook application would be affected, anyone connecting through the Microsoft Web interface was safe, according to Greatfire. The attack lasted for about a day, seemed to have been confined to Chinese users, and has since ended, Greatfire wrote.

The attack is notable for its particularly insidious nature. Users saw only a relatively benign looking warning indicating that the identity of the mail server could not be verified. Users had the option of continuing with the connection despite the warning. They would likely have attributed the warning to a network connection problem before proceeding, Greatfire wrote in its blog post.

The Chinese government has recently been accused of being behind a number of cyberattacks. In addition to the attack on Gmail, services by both Yahoo and Apple in China have been targeted. At this point, the recent events are beginning to form a pattern.

“Because of the similarity between this attack and previous, recent MITM attacks in China (on Google, Yahoo and Apple), we once again suspect that [Deputy Head of the Propaganda Department of the Communist Party of China] Lu Wei and the Cyberspace Administration of China have orchestrated this attack or have willingly allowed the attack to happen,” Greatfire wrote. “If our accusation is correct, this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor.”

Testing Its Technology

Just last month, China was suspected of blocking Chinese users’ access to Gmail through an e-mail client. The Chinese government denied any action on its part in the service disruption. Google had also accused China of blocking access to its e-mail services in 2011, a claim the government also denied.

Apple, meanwhile, has also apparently been on the receiving end of the Chinese government’s wrath. Apple’s iCloud was the subject of a similar MITM attack in October. Greatfire said that these types of attacks might represent an attempt by China to refine its methods through experimentation.

“The authorities are most likely continuing to test their MITM technology. The authorities may also be gauging user response,” Greatfire said. “By keeping track of how many users ignore the certificate warnings, the authorities will be able to determine the effectiveness of this type of attack.”

Via: enterprise-security-today