It’s been reported by the New York Times, with their sources being cybersecurity monitoring groups and security experts, that Apple’s iCloud service was the target of an attack that aimed to steal the passwords of users and monitor their activities.
The issues began on the 18th of October, with Chinese users being targeted by a man-in-the-middle attack. Users may have thought they were giving their login information directly to Apple, but they may have been redirected to a malicious site that transfers your username and password to nefarious locations.
It is believed that these attacks have support from the Chinese government. This is because the servers from which the attacks originated from are those that only the government and state-run telecom companies are able to use.
Michael Sutton, the vice president for threat research at Zscaler, agreed that all the signs pointed to the involvement of the Chinese government. He claimed that an attack like this would be difficult to pull off unless it was carried out by a central authority.
These attacks are similar to those carried out recently on Google, Microsoft and Yahoo. The Chinese government is infamous for wanting to monitor their citizens; if the website isn’t banned entirely, it seems the government of China want to monitor it. Although these large tech companies have introduced encryption to try and combat snooping, it seems the government are doing their best to circumvent this.
Although they can’t monitor traffic directly, they can redirect it and intercept between the browser and the iCloud server. Although browsers like Safari, Firefox and Chrome give users a warning message if the encryption cannot be established, which signals that something fishy is afoot, Qihoo (a popular Chinese web browser) doesn’t.
Apple may say that iOS 8 offers security measures that prevent government snooping, but it seems they’re unable to prevent the Chinese government from being involved in these interception tactics.
Apple acknowledged that there had been an attack on their network, but stood firm by the statement that their servers hadn’t actually been breached. They put up a support page detailing the browser encryption process, explaining to users how they know when a website isn’t what it claims to be.
“Apple is deeply committed to protecting our customers’ privacy and security. We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously,” said Trudy Muller, a spokesperson for Apple, who also declined to comment on if the attacks had been sourced to the Chinese government.
GreatFire, an independent censorship-monitor website, spoke to the New York Times regarding the attacks.
“As more sites move to encryption by default — which prevents the censorship authorities from selectively blocking access to content — the Chinese authorities will grow increasingly frustrated with their ability to censor that content,” said the GreatFire spokesperson.
It’s a world, or at the least a country, that is becoming very Orwellian. Government snooping is not an issue that will be going away any time soon, and it seems the Chinese authorities are doing their best to continue spying on users.
Chinese Government May Have Supported iCloud Hack
No comments yet. Sign in to add the first!