Chinese Hackers Suspected in iCloud, Website Attacks
As protests in Hong Kong continue, security researchers have seen increasing use of strategic Web compromises targeting the devices of pro-democracy dissidents.
Man-in-the-middle attacks on Apple's iCloud service and the compromise of a handful of pro-democracy Websites have targeted Chinese users over the past three weeks, according to analyses of the attacks.
On Monday, GreatFire.org, a Website shedding light on the filtering done by China's Great Firewall, posted an analysis of a man-in-the-middle attack that masquerades as the authentic login portal for Apple's iCloud service. Any user who falls victim to the ruse has essentially handed the attackers, thought to be the Chinese government, the keys to their personal information. While previous attacks on Google and Yahoo used a similar technique, by targeting Apple, the attackers gain access to more information, GreatFire stated.
"This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, [and] contacts," the site stated. "If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities."
The claim of an attack by the Chinese government comes after another security group documented a series of strategic Website compromises that aimed to infect visitors to pro-democracy sites. Websites for the Alliance for True Democracy, the Democratic Party of Hong Kong and People Power—all from Hong Kong—were compromised to host code that would cause visitors' Web browsers to attempt to download a malicious file, according to an analysis by security services firm Volexity.