China Hits Back at MITM Outlook Claims

Chinese online censorship body the Cyberspace Administration of China (CAC) has hit back at claims made by activists this week that the authorities allowed a Man in the Middle (MITM) attack against Outlook users in the country.

CAC spokesman Jiang Jun branded the claims “groundless slander” and “unsupported speculation,” and claimed they were designed to “incite dissatisfaction and smear China's cyberspace management system,” according to state-run outlet Xinhua.

He also argued that anti-censorship body Greatfire.org, which made the claims earlier this week, was run by “overseas anti-China forces.”

Greatfire.org said in a blog post on Monday that it believed the CAC – which governs China’s certificate authority CNNIC – was behind the attack, which lasted for about a day and targeted mobile users of the Microsoft email system.

“The authorities are most likely continuing to test their MITM technology. The authorities may also be gauging user response,” it argued. “By keeping track of how many users ignore the certificate warnings, the authorities will be able to determine the effectiveness of this type of attack.”

The rights group also urged Microsoft, Apple and others to revoke trust for CNNIC, which has been implicated in similar attacks against iCloud, Google and Yahoo users.

Greatfire.org co-founder Percy Alpha responded to Beijing’s rebuttal of the claims in detail, in an email to Infosecurity.

He argued that the body’s accusations weren’t “groundless” – in fact they have been confirmed by Microsoft, just as other MITM “accusations” in the past have been confirmed by Apple and others.

Alpha also responded to the claims made in Xinhua that Greatfire.org’s blog post was “unsupported speculation” by pointing out that his team “provided data collected during the attack, multiple reports confirming our analysis, screenshots, independent analysis from security experts, [and] independent tests from Chinese users.”

“If CAC claim they are not responsible, how could someone get into the backbone of Chinese internet and implement nation-wide attacks six times over the course of two years without being noticed?” he added.

“How come related reports on MITM are censored, even those on state media People's Daily?”

Greatfire.org was not founded by “anti-China forces,” incidentally a common phrase used by the authorities to undermine any criticism of Beijing.

Instead, Alpha and his co-founders set up the group in 2011 to fight Chinese internet censorship, with its main role to test and report on the various measures taken by the Great Firewall to block forbidden content and monitor Chinese citizens.

Alpha claimed the Chinese version of the Xinhua article further blames the group for timing its revelations to coincide with a CAC announcement that it had closed down multiple illegal websites and WeChat accounts.

“How can we ‘time’ the incident while they are the attacker? Microsoft has confirmed the incident. Unless we're colluding with Microsoft, there is no way to time it,” he told Infosecurity.

“The timing of closing down of WeChat accounts and websites with Outlook MITM further proves CAC are cracking down on information flow. Closing websites and Outlook MITM might even be in the same crackdown plan.”
