Cyberattack on Outlook’s users

Microsoft cyberattack

China has started a cyberattack on users of Microsoft Outlook’s email services. According to a Chinese Internet monitoring group, the aim is to spy on the communications of Outlook users. The hackers employed by Chinese officials attacked users who accessed their accounts on January 17. Chinese users with Outlook, Hotmail or Live accounts were subjected to a “man-in-the-middle” (MITM) attack, in which the attacker hijacks a highly secure system. According to a report by GreatFire, the hackers were able to bypass the system and successfully monitored the users’ activities.

China is trying to secure the Internet for users

The Chinese Internet monitoring group has been exposing the Chinese government’s various illegal monitoring of Internet users. It believes that China attempted to intercept and spy on communications that it can’t easily monitor. Users were thus curious about the error messages they saw when trying to connect their email clients to Outlook’s servers via IMAP and SMTP. However, users connecting to outlook.com and login.live.com were not affected, according to a test performed by GreatFire. The group suspects that Lu Wei and the Cyberspace Administration of China were behind the attack or somehow approved it. The attack signals that Chinese officials are looking into investigating or cracking down on communication methods they cannot readily monitor.

The attackers used a self-signed certificate made to resemble that of Outlook’s server. Internet certificates are used to affirm the identity of a website or server and to ensure that the connection is secure and private. These certificates are issued only by official, trusted certificate authorities. At times, a site or service issues a certificate certifying its own identity; these are known as self-signed certificates. They prompt browsers and email clients to display a warning, since a self-signed certificate can be a sign of an MITM attack.
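The warning described above corresponds to a specific certificate-verification failure that a mail client can check for itself. The following is an added example, not code from the article or from GreatFire: a strict TLS probe for an implicit-TLS mail port that reports why a certificate was rejected. The host `mail.example.test` and the function names are assumptions made for illustration.

```python
import socket
import ssl

# OpenSSL X509 verification codes most relevant to an interception attempt.
VERIFY_CODES = {
    18: "self-signed certificate (server vouches for itself)",
    19: "self-signed certificate in chain (untrusted root)",
    20: "issuer not in local trust store",
    62: "certificate does not match the requested hostname",
}

def strict_context() -> ssl.SSLContext:
    """Client context that demands a CA-issued, hostname-matching certificate."""
    ctx = ssl.create_default_context()      # loads the system trust store
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED     # never fall back to CERT_NONE
    return ctx

def classify(code: int) -> str:
    """Turn an OpenSSL verify code into the reason a user would be warned."""
    return VERIFY_CODES.get(code, f"other verification failure ({code})")

def probe(host: str, port: int = 993, timeout: float = 5.0) -> tuple[str, str]:
    """Handshake with an implicit-TLS mail port (993 IMAPS, 465 SMTPS)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict_context().wrap_socket(raw, server_hostname=host) as tls:
                # getpeercert() returns the issuer as a tuple of RDN tuples.
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return "trusted", issuer.get("organizationName", "unknown issuer")
    except ssl.SSLCertVerificationError as exc:
        # A client should stop here and not send credentials.
        return "untrusted", classify(exc.verify_code)
    except ssl.SSLError as exc:
        return "tls-error", str(exc)
    except OSError as exc:
        return "unreachable", str(exc)

if __name__ == "__main__":
    # mail.example.test is a placeholder host, not taken from the article.
    print(probe("mail.example.test"))
```

A result of `untrusted` with code 18 or 19 is the machine-readable form of the warning the article mentions; accepting the certificate anyway is what lets the interception succeed.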

Images by Times of India and The Guardian