Outlook not so good as hackers hit Microsoft e-mail service

20 Jan 2015

Hackers in China last weekend compromised certain routes to Microsoft’s email service Outlook with a Man in the Middle (MITM) attack.

Outlook – merged with Hotmail back in 2013 – suffered an MITM attack, which saw access via SMTP and IMAP servers compromised, although web interfaces https://outlook.com and https://login.live.com were not affected.

It’s certainly not the first MITM attack in China in the very recent past.

In October, Apple had to take steps to guard against similar hacks, after allegations surfaced that Chinese authorities were targeting storage service iCloud to access users’ information through the attacks.

Google, too, has undergone some issues in the country, with Gmail still blocked in China.

Playing the blame game

Anti-censorship group Great Fire, then and now, attributes the blame right at the top of the Chinese surveillance department.

“We once again suspect that Lu Wei and the Cyberspace Administration of China have orchestrated this attack or have willingly allowed the attack to happen,” it alleges, linking the attack to recent MITM attacks in China on the likes of Google, Yahoo! and Apple.

This type of MITM is particularly sneaky as, when using mail clients, warnings are not hugely noticeable. Most people would simply click ‘continue’ if such a warning cropped up.

In this instance, that opened up the correspondence to snooping. The attack has now ceased, it has been reported. Microsoft has yet to comment on the attack.

Image via Greatfire.org

Email attack image via Shutterstock

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com