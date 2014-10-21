(Adds comments from Apple, paragraphs 3-7)
By Jim Finkle, Gerry Shih and Ben Blanchard
BOSTON/BEIJING Oct 21 Apple Inc's
iCloud storage service in China was attacked by hackers trying
to steal user credentials, a Chinese web monitoring group said,
adding that it believes the Beijing government is behind the
campaign.
Using what is called a "man-in-the-middle" (MITM) attack,
the hackers interposed their own website between users and
Apple's iCloud server, intercepting data and potentially gaining
access to passwords, iMessages, photos and contacts,
Greatfire.org wrote in its blog post.
An Apple representative declined comment on the allegations
that Beijing was trying to spy on Apple customers, but noted
that the company had updated its technical support page to
provide advice on how to protect against such attacks.
"We're aware of intermittent organized network attacks using
insecure certificates to obtain user information, and we take
this very seriously," the page read.
Apple tells users to never enter their iCloud password if
they get warnings about invalid digital certificates when
visiting www.icloud.com. It also describes procedures users can
use to verify they are connected to Apple's legitimate site when
using various browsers.
Greatfire.org, which conducts research on Chinese Internet
censorship, alleged government involvement in the attack, saying
it resembled previous attacks on Google Inc, Yahoo Inc
and Microsoft Corp's Hotmail.
Asked about the attack, Chinese Foreign Ministry
spokesperson Hua Chunying told a daily news briefing that
Beijing was "resolutely opposed" to hacking.
The attack cited by Greatfire comes several weeks after
Apple said it would begin storing iCloud data for Chinese users
on China Telecom servers.
It also coincided with the start of iPhone 6 sales in China,
which began Friday after weeks of talks between China and Apple
over what the government said were cybersecurity concerns.
Two independent security experts contacted by Reuters said
Greatfire's report appeared credible.
"All the evidence I've seen would support that this is a
real attack," said Mikko Hypponen, chief research officer at
security software developer F-Secure.
Greatfire.org said the attack most likely could not have
been staged without knowledge of Internet providers like China
Telecom, given they appeared to originate from "deep within the
Chinese domestic Internet backbone".
But the group said the attack may not be linked to Apple's
recent decision to store user data on China Telecom servers.
It was unclear if the hackers were still active. Apple did
not have an immediate comment when contacted.
A China Telecom spokesman said: "The accusation is untrue
and unfounded."
Apple said at the time the move to China Telecom was made to
improve the speed of service for Chinese servers and flatly
denied the possibility that it would expose user data.
