Monday, January 19, 2015

Security Director Alert - China Travel and Email

Users of Microsoft's Outlook email service in China had their accounts hacked on Saturday 17 January by the Chinese government, according to web monitoring website GreatFire.org.

The attacks affected people using email clients such as Outlook, Mozilla's Thunderbird and apps on their smartphones that use the SMTP and IMAP protocols, but did not affect the browser versions such as www.outlook.com.

The man-in-the-middle attack used by the hackers allowed them to intercept conversations between victims, which appear to be private but are in fact controlled by the hackers.

GreatFire.org was able to reproduce the results seen by victims, including the fake certificates used by the hackers to pretend they were the intended recipient.

"If our accusation is correct, this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor," a blog post said on Monday 19 January.

The attack on Outlook comes just a month after the Chinese government blocked the use of Google's Gmail service in the country.
(more)