China’s Outlook email faced man-in-the-middle attack

Outlook email users of China faced an outage over the weekend, possibly a victim of man-in-the-middle attack, according to media reports.

Chinese users could not access the Outlook email, a free email service from the Microsoft, on Jan 17. Only IMAP and SMTP protocols on desktop and mobile were affected while the web interface remained unaffected, reported GreatFire, a Chinese web monitoring website.

The users noticed a minor error, which could be easily mistaken for a network issue. But it was a man-in-the-middle attack and in all possibilities, it could have been the handiwork of the Cyberspace Administration of China—a body regulating the Internet censorship in the country.

chinas-outlook-email-faced-man-in-the-middle-attack

GreatFire, through a trial test, confirmed that a self-signed security certificate was being used to make the connection and it was most likely a test run.

“By keeping track of how many users ignore the certificate warnings, the authorities will be able to determine the effectiveness of this type of attack,” noted the website.

It was a reminder to users that when faced with server identity errors, they should always hit “cancel.”

The website also reports that this may be an act of Chinese government restraining its users from foreign Web services. As such, Gmail is unavailable to Chinese users and a similar attack was staged on iCloud in October.


Pushpa Mishra

Pushpa is a Dubai based scientific academic editor who worked for Reuters' Zawya business magazine and at the same time a passionate writer for HackRead. From the very first day she has been a blessing for team Hackread. Thanks to her dedication and enthusiasm.