The Chinese cyber installation over the weekend hacked Microsoft’s Outlook e-mail network. The man-in-the-middle attack was targeted at gaining a way through which to read users e-mails using their passwords and log-in details. The news was broken by Greatfire, an organization that monitors activities of the Chinese government online.
The Chinese government has yet again been accused of attacking internet users by launching an attack aimed at violating the privacy of users online. The latest attack was on Microsoft’s Outlook e-mail system. However, the attack was not one directed at Microsoft but one which sought to take advantage of the fact that users can use Outlook to log into other email addresses. The aim was to infiltrate Outlook and gain access to all emails that a user logs into using Microsoft Outlook.
The specific way in which the attack was carried out was by intercepting the connection between Outlook and the email service. This interruption would result in Outlook generating a warning that the user was proceeding to a risky place. Now, the user had the option to terminate the process of logging in or continue after the warning. As it was, many users chose to continue, thereby allowing the hacking of their emails. Reports online speculate that users might have attributed to bugs in their browsers.
Cyber security analysts looking into the issue said that there were three main aims that the Chinese most probably wanted to achieve with the hack. One of the aims was to test the capabilities of their cyber attack technologies. China has been accused of developing technology aimed at attacking other nations’ cyber networks and the internet giants such as Google from the West. The attack therefore provided a way through which the Chinese could tell how far they were from a system capable of posing real danger to a nation with sophisticated defense of its cyber systems.
The second possible aim for such an attack is to discourage Chinese citizens from finding alternative ways to access e-mail from foreign email carriers like Google and Yahoo. China has been in the past known to block access to Gmail and yahoo mail from China in order to encourage its own email companies. The reason why the Chinese would rather have its citizens uses email services from Chinese providers is because it can pressurize the providers to leak emails when it needs to spy on its citizens. This is impossible with companies such as Google and Yahoo because they are not under the direct influence of the Chinese Communist regime.
The third reason why Chinese would launch such an attack is, so as to, find the response rate of the target group. By recording the response rate each time they launch an attack, the Chinese are able to develop a pattern of response and therefore gauge how keen the targeted group is. Greatfire was quoted saying “By keeping track of how many users ignore the certificate warnings, the authorities will be able to determine the effectiveness of this type of attack.”
The Chinese are not expected to stop the hacking. In fact, it is expected that they will only get more frequent and severe.
Top/Featured Image: By Shi Deru (a.k.a. Shawn Xiangyang Liu) – Licensed under CC BY-SA 3.0 via Wikipedia