China residents using Microsoft Corp’s Outlook email services were subjected to a cyber attack during the weekend, only after a few weeks of Google Inc’s Gmail system being blocked in China.
“People subjected to using email services like Outlook, Mozilla’s Thunderbird and apps on their phone with the SMPT and IMAP email protocols, used for sending and receiving messages, around Saturday suffered to a “man-in-the-middle” (MITM) attack.” Quoted a China-based website, GreatFire.org.
A MITM attack creates an intrusion on online connections in order to process and control a channel, and can also be used to direct connections to other areas. For example, a user wishes to go to tecake.com/ but may be directed towards a malicious website rather than the legitimate website.
The attack has supposedly continued for about a day and then abruptly it stopped, the reports stated.
Affected users were displayed warning messages in their apps that weren’t as daunting as those messages that web browsers showed, which could means that some users were not even aware that an attack was happening.
In a screenshot posted at a news reporting website, an iPhone warning message displayed “Cannot Verify Server Identity,” but asks for user permission to continue anyways. However, when the same result was reproduced via the Firefox web browser, the message offered a far more detailed description of the error, saying that the error could mean that this might be a phishing attack (impersonating a person or site), and the person shouldn’t continue.
Blocks on foreign services has been a common site in China over the past few years. China’s censorship mechanism known as the “Great Firewall of China” is planning to shut down any individual or group attempting to gain freedom of speech to discredit the ruling Communist Party. Residents using foreign facilities, like Microsoft’s Outlook or Gmail, are being enforced to use local applications instead. That way the Chinese government can keep a check to figure out any signs of dissent.
Microsoft hasn’t commented anything on the matter yet, let’s wait what explanation it has to provide for this cyber attack.