Hackers targeting Apple iCloud users in mainland China with 'massive' attack

Posted in iCloud, edited October 2014
Hackers have reportedly begun targeting iCloud users in mainland China, utilizing a so-called "man-in-the-middle" approach in an attempt to steal user information, with one group accusing the Chinese government itself of perpetrating the attack.




The attacks were first revealed by Chinese activist group GreatFire.org, which said the latest efforts resemble previous attacks on Google, Yahoo, and Microsoft Hotmail. The organization has alleged that China's government is involved in the attacks, according to Reuters.

The attacks are said to have incredibly deep access to the servers of Chinese Internet providers, leading to speculation that the government-owned companies are cooperating in the attack. Security researchers say that GreatFire.org's claims appear to be accurate, though the Chinese government has denied the accusations.

The attacks first came to light when users in China began to receive security warnings from Apple's iCloud service. That led Chinese Internet activist Zhou Shuguang to investigate.

According to The Wall Street Journal, Zhou found that a so-called "man-in-the-middle" attack had been implemented between iCloud users and the server where data is hosted. His findings were also corroborated by security analyst Erik Hjelmvik of Netresec AB, who called the attack "quite massive" and "sophisticated."

Analysts who spoke with the Journal alleged that Chinese iCloud users' data stored in the cloud, including usernames and passwords, could be at risk if the attackers can decrypt the communication between users and iCloud servers in China. However, there was no immediate evidence that the hackers have been able to decrypt the data.

And while GreatFire.org has accused the Chinese government of being involved, some critics say the fact that users are alerted by security warnings suggests the attack is too easily detected for the government to have played a part.

Comments

  • Reply 1 of 34
    gatorguy Posts: 18,744 member
    And while GreatFire.org has accused the Chinese government of being volved, some critics say the fact that users are alerted of security warnings suggest attack is too easily detected for the government to have played a part.

    If the Chinese user depends on Google Chrome or Firefox then they get a pop-up warning of a spoofed site AND default blocking. If instead they use one of China's most popular browsers, Qihoo, there's nothing to indicate you aren't going to a legitimate Apple site according to the source. Many, many thousands (millions?) of users may well be fooled into giving up their sign-in credentials.
  • Reply 2 of 34
    And you thought the NSA was bad.
  • Reply 3 of 34
    lilgto64 Posts: 1,147 member
    Quote:

     The Government is not spying on you.
                                           - Guy with a bridge for sale

  • Reply 4 of 34
    This is old news AI:

    http://9to5mac.com/2014/10/20/chinese-government-apparently-phishing-icloud-account-info/

    And Apple, please fix this Copy Paste bug
  • Reply 5 of 34
    @sog35 you're right. The USA should offer US citizenship to every Chinese who asks. I mean, they never asked to live in a communist country, right?

    Also... I thought I read something about you leaving the Internet forever and going to be a monk in Thailand if no Apple TV Media Center 2014 Supreme Edition last week?
  • Reply 6 of 34
    tzeshan Posts: 1,679 member

    There are so many anti-Chinese government groups and people. I am not surprised Chinese law enforcement try to harvest their usernames and passwords. Just ask FBI director what it will do to Americans.

  • Reply 7 of 34
    We should keep in mind that iCloud hasn't been hacked. The hackers are spoofing Apple's iCloud to intercept users BEFORE they get to Apple's iCloud.
  • Reply 8 of 34
    And while GreatFire.org has accused the Chinese government of being volved, some critics say the fact that users are alerted of security warnings suggest attack is too easily detected for the government to have played a part.

    Oh I believe they're volved. :D

    How would they spoof icloud servers on the web?
    Let's say unscrupulous DNS servers are routing "icloud.cn" (or whatever) traffic to some government spoof site.
    As long as your browser is using https, the identity of the server (pretending to be) icloud.cn is verified by a CA (say, Verisign). The root CA's certificates are already stored on your computer, so your browser can verify that it is in fact, connecting to Verisign.

    No, I don't think a man-in-the-middle attack by itself will be that effective. Users will get a (somewhat vague) prompt about being unable to verify a website's identity if anything is "off" about this https handshake. I suppose the Government could try to entice users to accept a certificate from a malicious root CA in order to make spoofing icloud.cn easier. There are also root auto-updaters (bad idea), malware, and other ways to compromise your computer's security, but out of the box, the OS should be tight enough to alert you to spoofed sites. I guess the other thing the Chinese (or other) government could do is compromise an intermediate CA (either secretly run one or hack into one) then issue compromised certificates to legitimate businesses that are then used to spoof those servers perfectly (no warning pop up). That would be a more coordinated PK infrastructure attack, and unfortunately, it's not unheard of.
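
Added example, not part of the original post or thread: the two checks Reply 8 describes, sketched in Python. The default context enforces chain and hostname validation (the failure behind the browser warning), and a certificate pin catches the mis-issued-by-a-trusted-CA case that raises no warning. The function names, the sample byte strings and the pin set are assumptions constructed for illustration.

```python
import hashlib
import socket
import ssl


def strict_context():
    """Client context: system root store, chain and hostname both enforced."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def pin_ok(der_cert, pins):
    """True if the SHA-256 of the leaf certificate (DER bytes) is a known pin."""
    return hashlib.sha256(der_cert).hexdigest() in pins


def classify(der_cert, verify_error, pins):
    """Combine both checks into one verdict.

    untrusted    -> chain or hostname failed: the case that produces a warning
    pin-mismatch -> chain validated, but this is not a certificate we expect:
                    the mis-issued-by-a-trusted-CA case, which shows no warning
    ok           -> chain validated and the certificate is pinned
    """
    if verify_error is not None:
        return "untrusted"
    return "ok" if pin_ok(der_cert, pins) else "pin-mismatch"


def check_server(host, pins, port=443, timeout=5.0):
    """Handshake with `host` and classify the certificate it presents."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict_context().wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert(binary_form=True), None, pins)
    except ssl.SSLCertVerificationError as exc:
        return classify(b"", exc.verify_message, pins)


# Constructed sample data: stand-in bytes, not real certificates.
EXPECTED_CERT = b"constructed-der-bytes-of-the-expected-leaf"
OTHER_CERT = b"constructed-der-bytes-of-a-different-leaf"
PINS = {hashlib.sha256(EXPECTED_CERT).hexdigest()}
```

Pinning the whole leaf certificate breaks on every renewal; deployments usually pin the public key or keep a backup pin for that reason.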
  • Reply 9 of 34
    Originally Posted by Suddenly Newton

    Oh I believe they're volved. :D

    I've been outvolved for most of my life; I wouldn't know volvement if I saw it, much less the in- variety.

  • Reply 10 of 34
    gqb Posts: 1,934 member
    Quote:
    Originally Posted by sog35

    This is not valid news.

    That's the price to pay living in a Communist country.

    Not to split hairs, but it's a Totalitarian country. China today is about as 'communist' as John Galt.

  • Reply 11 of 34
  • Reply 12 of 34
    josha Posts: 901 member

    > And while GreatFire.org has accused the Chinese government of being volved, some critics say the fact that users are alerted of security warnings suggest attack is too easily detected for the government to have played a part.

    Could this be caused by the Hong Kong democracy disturbers, just wanting to make the China dictatorship look bad?

  • Reply 13 of 34
    Quote:
    Originally Posted by Suddenly Newton

    No, I don't think a man-in-the-middle attack by itself will be that effective. Users will get a (somewhat vague) prompt about being unable to verify a website's identity if anything is "off" about this https handshake.

    Well, if you think about the times you've seen a similar message, you realize it's something like a typo in the URL. What would the average user do if they went back and carefully typed in the url, but saw the message again? I think a lot of people would assume that the message was incorrect and somebody screwed something up, and I really need to get to my chit on iCloud.

  • Reply 14 of 34

    Ugh, disgusting. Governments that don't trust their own people.

    Of course, the truth is always a little less alarming than the scream of the headlines. According to the NYT (click bait headline, but more sober text):

    "Apple on Tuesday acknowledged a network attack, but clarified that its iCloud servers were not breached. On a security webpage, it implied that man-in-the-middle attacks were being used to direct people to fake connections of iCloud.com, making their user names and passwords vulnerable to theft.

    On the webpage, Apple explained how people could distinguish an authentic iCloud.com website from a fake one. Basically, users will receive warnings when the web browser detects a fake certificate or an untrusted connection. Apple advised people to heed those warnings when they appear and avoid signing in.

    “Apple is deeply committed to protecting our customers’ privacy and security,” said Trudy Muller, an Apple spokeswoman. “We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously.”"

  • Reply 15 of 34
    Quote:
    Originally Posted by anantksundaram

    Ugh, disgusting. Governments that don't trust their own people.

    Of course, the truth is always a little less alarming than the scream of the headlines. According to the NYT (click bait headline, but more sober text):

    "Apple on Tuesday acknowledged a network attack, but clarified that its iCloud servers were not breached. On a security webpage, it implied that man-in-the-middle attacks were being used to direct people to fake connections of iCloud.com, making their user names and passwords vulnerable to theft.

    On the webpage, Apple explained how people could distinguish an authentic iCloud.com website from a fake one. Basically, users will receive warnings when the web browser detects a fake certificate or an untrusted connection. Apple advised people to heed those warnings when they appear and avoid signing in.

    “Apple is deeply committed to protecting our customers’ privacy and security,” said Trudy Muller, an Apple spokeswoman. “We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously.”"

    Ack! That security page is not https: http://support.apple.com/kb/HT6550 the hackers could replace that bit pretty easily.

  • Reply 16 of 34
    gtr Posts: 3,231 member
    tzeshan wrote:
    There are so many anti-Chinese government groups and people.

    You ever wonder why that may be?

    The Chinese are a great people so they deserve a great government that will allow them to communicate and act freely within their own country so that one day they can proudly take their place on the world stage.

    Unfortunately, they do not currently have this.

    One day they will rise up and make their country truly great.
  • Reply 17 of 34
    Quote:
    Originally Posted by GTR

    You ever wonder why that may be?

    The Chinese are a great people so they deserve a great government that will allow them to communicate and act freely within their own country so one day they can proudly take their place on the world stage.

    Unfortunately, they do not currently have this. Hopefully one day they will rise up and make their country truly great.

    Chinese people are no different from any other people. Politics ruins everything.

  • Reply 18 of 34
    gtr Posts: 3,231 member

    Chinese people are no different from any other people. Politics ruins everything.

    Chinese people are not the problem. Their government is.

    You should see the underhanded sh*t going down in Hong Kong these days that barely makes the western news services.

    Any government that disallows something as simple as freedom of speech knows it doesn't have the best interests of the people at heart.

    Hopefully, one day things will change.
  • Reply 19 of 34
    tzeshan Posts: 1,679 member
    Quote:
    Originally Posted by GTR

    You ever wonder why that may be?

    The Chinese are a great people so they deserve a great government that will allow them to communicate and act freely within their own country so that one day they can proudly take their place on the world stage.

    Unfortunately, they do not currently have this.

    One day they will rise up and make their country truly great.

    I think you don't truly understand Chinese history. That China is not great today is not the fault of the CCP. China became so poor as a result of the industrial revolution. The western world became more and more productive. Chinese don't understand why. They don't try to learn science from the west. Because they don't know it is science that makes the west great. Their business gradually losing to the west. Then China lost in the Opium War. Then the intellectuals began arguing how to correct this 'politically'. Then China sank into civil wars for about one hundred years.

    Politics always divides people. You think democracy is the only solution. Then answer why Egypt, Thailand, Ukraine became unstable when they chose democracy? This is mainly due to lack of consensus between different groups of people.

    CCP is a socialist party. It is closer to the Democrats in US in dealing with economy. Of course there will be many people in China who think more closely like the Republicans. This is why I say there are many anti-Chinese government groups and people. But you should understand in US there are also many groups and people that are anti-Democrats and anti-Obama. You can argue that people have freedom to choose a different President in two years that the Chinese can't. But if you look at things in a time window. Before the next President all the anti-Democrats and anti-Obama people should accept the fact. China might be like this but the time window is much longer.

    All I want to say is this. Overwhelming majority of people do not care about politics. The number one thing they care about is their jobs and the wealth their jobs bring. This should be the yardstick we use to judge a government not its type.

  • Reply 20 of 34
    gtr Posts: 3,231 member
    tzeshan wrote:
    All I want to say is this. Overwhelming majority of people do not care about politics. The number one thing they care about is their jobs and the wealth their jobs bring. This should be the yardstick we use to judge a government not the type.

    I agree with you in many regards and thank you for taking the time to respond.

    I am familiar with China's history and have spent much time there. My girlfriend, soon-to-be wife, is also Chinese.

    I love China, Hong Kong, and many of the surrounding Asian countries.

    I never said I believe democracy to be the answer and was very clear in expressing that it is the government's behavior that I disliked, not the people.

    But the recent spate of incidents: invasions into Vietnamese waters for oil, battling with Japan over island territories, deliberately antagonising American military aircraft in international airspace, the refusal to allow Hong Kong to freely elect their leaders, the Great Firewall of China, international hacking incidents, the regular theft of international intellectual property in a large number of international industries, threatening behaviour in Australia when they do not receive favourable media coverage, and let's not forget the old problems - Taiwan and Tibet.

    All of this behaviour seems to indicate that the Chinese government does not appear to consider itself a member of the world community, and could even be interpreted as a nation preparing to go to war.

    As an international member of the community I must say that their increasingly aggressive behaviour concerns me.