Man-in-the-middle attacks is when the attacker inserts themselves in the middle of their victims’ connections, thus being able to intercept messages sent back and forth. An example would be to direct users to fake websites set up to look like the actual website of a bank, so when the user enters their information, the information is then sent to the hacker who can then use those credentials to log into the actual bank’s website.Over in China, it seems that Microsoft’s Outlook email system was subject to such an attack. This is according to Greatfire.org, an online censorship watchdog who reported that such attacks were taking place. Their report found that IMAP and SMTP for Outlook was under a man-in-the-middle attack, but thankfully it seems that Outlook for the web was not affected. The attack has since stopped but lasted a day while it was active.
In a statement released by a Microsoft spokesperson, “We are aware of a small number of customers impacted by malicious routing to a server impersonating Outlook.com. If a customer sees a certificate warning, they should contact their Internet service provider for assistance.” While it is unclear as to who is behind the attacks, Greatfire.org has their suspicions.
According to them, “We once again suspect that Lu Wei and the Cyberspace Administration of China have orchestrated this attack or have willingly allowed the attack to happen. If our accusation is correct, this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor.”
Filed in . Read more about China, Hacking, Microsoft and Outlook.