Slashdot Mirror


Microsoft Outlook Users In China Hit With MITM Attack

DavidGilbert99 writes A month after it blocked Google's Gmail, the Chinese government now stands accused of hacking Microsoft's Outlook email service, carrying out a man-in-the-middle attack to snoop on private conversations. From ZDNet: "On Monday, online censorship watchdog Greatfire.org said the organization received reports that Outlook was subject to a man-in-the-middle (MITM) attack in China....After testing, Greatfire says that IMAP and SMTP for Outlook were under a MITM attack, while the email service's web interfaces were not affected."

35 comments

  1. Confucius say he who does not know Chinese Govermt by JoeyRox · · Score: 2

    is reading his email is MITMWC, aka Man in The Middle Without Clue.

  2. those protocols are allowed on purpose by Anonymous Coward · · Score: 0

    They WANT you to use IMAP or SMTP, because it's so easily proxyable/snoopable.

    1. Re:those protocols are allowed on purpose by SeaFox · · Score: 1

      And coincidentally, Windows 8's Mail program does not work with POP anymore.

    2. Re:those protocols are allowed on purpose by Anonymous Coward · · Score: 1

      You say that as if somehow POP were immune to MITM attacks which of course it ISN'T

  3. Encrypt if you need to by Ravaldy · · Score: 3

    If my email communication was important enough, I would encrypt it since it's the only way to protect against MITM.

    1. Re:Encrypt if you need to by Anonymous Coward · · Score: 0

      If my email communication was important enough, I would encrypt it since it's the only way to protect against MITM.

      Evidently you missed last week's news:

      http://it.slashdot.org/story/15/01/14/2036249/nsa-official-supporting-backdoored-random-number-generator-was-regrettable

    2. Re:Encrypt if you need to by wiredlogic · · Score: 1

      That still exposes headers. Sort of important if you're a political dissident who will be taken to task for even communicating with dangerous foreigners.

      --
      I am becoming gerund, destroyer of verbs.
    3. Re:Encrypt if you need to by Ravaldy · · Score: 1

      The communication between the client and server is fully encrypted including headers. If you can't trust the server you send the message to, it's no longer a MITM attack but rather a server hijacking attack. If you encrypt the communication between the server and the client and encrypt the message body separately you are almost foolproof. I realize nothing about this is as easy as it sounds but if it's required you will do it.

    4. Re:Encrypt if you need to by Anonymous Coward · · Score: 0

      When they say "encrypt the email", they aren't talking about server to server TLS connections, or SSL connections between client and server in the case of someone accessing outlook.com. That is what was attacked here, that's why it's a MITM. If it was unencrypted access to outlook.com it would just be MW - Man Watching.

      Instead, they are talking about using PGP or similar to encrypt the body of the email, exclusive of connections. It still exposes headers because if you don't, the email doesn't get where you need it to go. Once it gets there, it still needs to be decrypted to be read by the client.

      And in this case, if people were using outlook.com to read their email, if it supported PGP, without using a local mail handler - it is still not worth anything. Your email would be decrypted on that server so you could read it in your browser, and the MITM attack would still have gotten the contents of your message, because it was sent plaintext from server to browser. You *have* to read encrypted mail on a local application to prevent MITM attacks.

  4. Encryption = same as an envelope for real mail. by ron_ivi · · Score: 2
    Totally agree encryption (PGP/GPG, S/MIME) is the right answer here.

    Instead of relying on policies/laws to keep email confidential, I wonder if the internet would be a much safer place if the laws said that any unencrypted email has no expectation of privacy.

    Unencrypted email should be thought of as more like a post-card -- where governments routinely scan them all for law enforcement.

    If you want anything private in email, encrypt it.

    And if it were widely thought of that way, corporations would insist on encrypted emails, so the email client vendors would make encryption easy instead of the pain in the neck it is today.

    1. Re:Encryption = same as an envelope for real mail. by Thagg · · Score: 1

      Funny to see somebody complaining about the lack of a good encrypted email program.

      "Geez, there's this billion dollar opportunity here that nobody is taking. Oh well, I'll just go back to reading Facebook." Come on man! Do it!

      --
      I love Mondays. On a Monday, anything is possible.
    2. Re:Encryption = same as an envelope for real mail. by ron_ivi · · Score: 1
      It's not a billion dollar opportunity so long as people think email privacy is secured adequately by policies and legislation.

      I think the best thing in the world for internet privacy/security would be if the laws were changed to state: "You have no expectation of privacy in any plain text email (or other communication) on the internet. Any such content can be freely used by your ISP, email hosting service, governments, ad-agencies, spammers, etc. If you want your email private, encrypt it."

      With such laws, it would be a billion dollar opportunity overnight, and the internet would be much safer for it.

      But instead, corporations trust policies and laws to keep email private - even though those policies can and do change on a whim (or a Patriot act).

  5. Imagine that. by Black+Parrot · · Score: 4, Insightful

    A state spying on its own citizens... shameful. I'd be outraged, unless of course they said it was part of the war on terror, or whatever China's current favorite boogeyman is.

    --
    Sheesh, evil *and* a jerk. -- Jade
    1. Re:Imagine that. by Opportunist · · Score: 5, Funny

      What?

      Damn those Chinese. Ain't it enough to copy our technology, do they have to copy our boogeymen now, too?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Imagine that. by Anonymous Coward · · Score: 0

      Wait... they copy our boogeymen... so China justifies its state spying because of the threat of _China_?? What a marvelous self-sustaining feedback loop! Why didn't the USA think of that?! Everyone, vote to strengthen the NSA as a defense against the NSA! We can have a Cold War right here at home without concern for unreliable partners who might declare peace or go into economic collapse at some point!

    3. Re:Imagine that. by DNS-and-BIND · · Score: 1, Insightful

      The Chinese Communist government has been at war with its own citizens since 1949. Nothing new here. There's Xinjiang separatists, but those are no big potatoes. China doesn't need an excuse, they govern by executive order. The biggest threat to the government is from its own people, so one can see why they would spy in this way.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    4. Re:Imagine that. by Opportunist · · Score: 2

      Careful what you wish for, a domestic cold war is pretty much what we're heading for. It's likely that it's going to be asymmetric too.

      Luckily this time WE will be the ones with the few resources.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  6. Re: Encryption = same as an envelope for real mail by Anonymous Coward · · Score: 0

    It already exists and all the coders know it. SMIME support is baked into practically every client out there. The only problem is that webmail is inherently unable to cope with end to end encryption, and too many people use browser-based email for SMIME to work.

  7. Merely beta testing... by Anonymous Coward · · Score: 4, Insightful

    ...for Cameron's plans for the West.

    Capitalism with a Chinese face.

  8. They were already subject to by rlwhite · · Score: 1, Troll

    Microsoft-In-The-Middle.

  9. Re: Encryption = same as an envelope for real mai by Anonymous Coward · · Score: 3, Informative

    The problem isn't that Joe User is too stupid. The problem is that these crypto systems are a real bitch to use effectively. They can take far too long to set up, and to work through any problems can waste too much time. Even when they're working, they're a pain in the ass to use. It's so bad that even experienced and knowledgeable people who can get them working don't want to bother with using these systems!

  10. Who says that the attack is over? by WD · · Score: 5, Informative

    The evidence that China was performing MITM attacks on Outlook.com was because of temporary use of an SSL certificate chain that wasn't signed by one of the hundreds of root CAs included with modern operating systems. (and therefore the software complained)

    If the software people are using stops complaining about the SSL certificate chain, does that mean that they're not performing MITM anymore? Hell no. At the very least it means that they're just using an SSL certificate signed by one of the hundreds of trusted root CA certificates. You know, like CNNIC. The internet organization with ties to the Chinese government.

  11. Confusing by buckfeta2014 · · Score: 1

    Microsoft Outlook, the email client... or Outlook.com the Hotmail replacement?

    --
    Buck Feta. You know what to do.
    1. Re:Confusing by sound+vision · · Score: 1

      Hell, there are more iterations of Outlook than two. Last year, when I was working in front-line tech support, I was forced to acquaint myself with their existence.

  12. Re: Encryption = same as an envelope for real mai by tlhIngan · · Score: 1

    The problem isn't that Joe User is too stupid. The problem is that these crypto systems are a real bitch to use effectively. They can take far too long to set up, and to work through any problems can waste too much time. Even when they're working, they're a pain in the ass to use. It's so bad that even experienced and knowledgeable people who can get them working don't want to bother with using these systems!

    The big problem is key management, actually. The encrypted mail systems are mostly well integrated and "just work". E.g., PGP integrates into Outlook quite well - if you receive an encrypted email, it pops up a dialog asking if you want to decrypt it. Sending just means you need to pick to encrypt it and with what key (though that's usually embedded with the contact name, so even that is automatic).

    The problem is sending keys - and most users would just, well, blindly email them around. Then there's key management because you have to import those keys into your contacts.

    And then there's interoperability - PGP works fine within an Exchange environment, but it doesn't seem robust enough that someone using another encryption system would be able to decrypt or encrypt messages. GPG might work for it, but still.

    At least that was how it was when I last used it - we never did send it over the internet, just internal email.

  13. Ah the good ol' days by trippin_efnet · · Score: 3, Insightful

    Remember when we could look at these stories and say things like "Aww, those poor Chinese. Their government is awful, shady, intrusive, abusive, etc.." Now the U.S. government makes the Chinese government look good by comparison. -t

  14. What about the NSA? by AndyKron · · Score: 2

    Isn't the NSA in the middle of everything already? How is this news?

  15. Re:Confucius say he who does not know Chinese Gove by Anonymous Coward · · Score: 0

    Hmm, would have been funny if user was the man in the middle, not the government. The user is at the end.

  16. Re: Encryption = same as an envelope for real mai by bmo · · Score: 1

    Replying to you mostly for myself, to write down what I try to explain to people when it comes to what PGP actually is and if anyone gets edumacated by what I wrote, that's fine.

    The problem is sending keys - and most users would just blindly well, email them around.

    This is why we have public key encryption, e.g., PGP, in the first place.

    You're supposed to post/email/etc the public key to your various contacts to encrypt. It doesn't matter what the channel is that you use to transport the public key - email, web page, broadcasting as a numbers station, shouting, etc. The public key can be intercepted all the time by TLAs and other nefarious mob-related organizations. It doesn't matter.

    Alice: "Hey Bob, I'm trying to figure out this encrypted mail thing. Send me some encrypted mail. Here's my public key."

    public key gets sent through normal email

    Bob: "OK, got it." Bob then encrypts his message professing his undying love with the public key and sends it to Alice. He also sends his public key to Alice with it.

    Alice decrypts with her private half (which she never gives out) of the public/private key pair and reads the email.

    Alice says "I didn't know you loved me." to Bob.

    Then there's key management because you have to import those keys into your contacts.

    Modern MUAs handle these easily. It's up to the user to save the keys. There is just so much hand-holding that can be done.

    >Other than PGP, such as anything using AES is problematic

    >GPG

    Both PGP and GPG are compatible with each other.

    It's not just that MUAs aren't all configurable to use other encryption algorithms, it's that anything that uses symmetric keys, like AES, requires a key exchange out-of-band for it to be any practical use. And that is problematic in itself.

    --
    BMO

  17. CNNIC by manu0601 · · Score: 1

    The paper points out that CNNIC is under government control and should not be trusted as a CA, but the attack described does not involve any CNNIC wrongdoing: the rogue certificates were self-signed.

    That is nonsense to me. Indeed CA integrity should be questioned, but a wrongdoing CA leaves trails, since a bad certificate they issue is signed.

    1. Re:CNNIC by T-ice · · Score: 1

      I agree. Hopefully more user agents (MUAs and browsers) will come with some system of certificate pinning on by default, just to be on the safe side. I'm confident that would offer motivation to keep CAs honest. And it's quite likely that we'd find a few that aren't so honest. Although, there is still what I call the "lavabit attack" (certificate theft by court action) which, if successfully kept silent, would be completely undetectable.
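    Added example, not code from the original thread, from Greatfire or from Microsoft: the check that WD (#10) and T-ice are describing, in Python using only the standard library. Chain validation alone only tells you that some CA in your trust store vouches for the name, which is exactly the case a quiet MITM with a CA-issued certificate would pass; a fingerprint pin recorded earlier from a connection you trust catches that, and the code separates the two failure modes. Assumptions: the hostnames, ports and pinned fingerprints are supplied on the command line; the file name in the usage comment is hypothetical; the bytes used in the comment about testing are constructed, not a real certificate.

```python
"""Pin the TLS leaf certificate an IMAP/SMTP endpoint presents (added example).

Chain validation answers "does some CA in my trust store vouch for this name?".
A pin answers "is this the exact certificate I recorded from the real server?".
A MITM that obtained a certificate for the same name from any trusted CA passes
the first check and fails the second; only a MITM holding the server's own
private key (certificate theft, T-ice's "lavabit attack") passes both.
"""
import hashlib
import imaplib
import smtplib
import ssl


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 of the DER encoding, formatted like `openssl x509 -sha256 -fingerprint`."""
    hexdigest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def classify(der: bytes, pinned: set, chain_ok: bool) -> str:
    """Classify a presented leaf certificate against a set of pinned fingerprints.

    'ok'              : the leaf is one we pinned earlier (the strongest statement we can make)
    'untrusted-chain' : no trusted root signs the chain; the noisy case clients complained about
    'pin-mismatch'    : a trusted CA signed it, but it is not the certificate we pinned
    """
    if cert_fingerprint(der) in pinned:
        return "ok"
    return "untrusted-chain" if not chain_ok else "pin-mismatch"


def _context(verify: bool) -> ssl.SSLContext:
    ctx = ssl.create_default_context()
    if not verify:                       # capture-only mode: record what was presented
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def fetch_leaf(host: str, port: int, verify: bool = True) -> tuple:
    """Connect the way a mail client would and return (leaf DER, chain_validated).

    143 and 587 send a plaintext greeting and then upgrade with STARTTLS;
    993 and 465 speak TLS from the first byte. If validation fails we reconnect
    once without verification purely to capture the certificate for comparison.
    """
    ctx = _context(verify)
    try:
        if port == 993:
            conn = imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
        elif port == 143:
            conn = imaplib.IMAP4(host, port)
            conn.starttls(ssl_context=ctx)
        elif port == 465:
            conn = smtplib.SMTP_SSL(host, port, context=ctx)
        elif port == 587:
            conn = smtplib.SMTP(host, port)
            conn.starttls(context=ctx)
        else:
            raise ValueError(f"unsupported mail port {port}")
    except ssl.SSLCertVerificationError:
        if not verify:
            raise
        return fetch_leaf(host, port, verify=False)
    der = conn.sock.getpeercert(binary_form=True)
    if isinstance(conn, smtplib.SMTP):
        conn.close()
    else:
        conn.shutdown()
    return der, verify


if __name__ == "__main__":
    import sys
    # usage: pin_check.py HOST PORT [PINNED_FINGERPRINT ...]   (hypothetical file name)
    host, port, pins = sys.argv[1], int(sys.argv[2]), set(sys.argv[3:])
    der, chain_ok = fetch_leaf(host, port)
    print(cert_fingerprint(der), classify(der, pins, chain_ok))
```

    Record the fingerprint once from a network path you trust (or from several vantage points and compare), then run the check from the suspect network: a 'pin-mismatch' with a validating chain is the case the thread is worried about, since the mail client itself would stay silent.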

  18. Use a vpn like software. by leuk_he · · Score: 1

    I bet the technical Chinese users are becoming real good in VPN and similar technologies. Please tell me, what are the methods that still work to cross the great Chinese firewall? Any good blogs where this is discussed?

  19. Re: Encryption = same as an envelope for real mai by DarkOx · · Score: 1

    Where it all breaks down though is you need to get a public key from a trusted source.

    For instance with SSL it works.
    A) You ask for example.com and get 244.244.244.244 as the DNS result.

    B) 244.244.244.244 responds and presents a certificate (public key) for example.com

    C) You check the certificate for example.com is legit by verification of a signature done with a 3rd party private key and check that with a public key you already have (root CA list). You can now trust 244.244.244.244's claim to be example.com and use that public key to decipher messages sent to you with its private key. (which you will use to exchange a symmetric key, but that's getting off topic).

    The problem with your example above with e-mail is that Bob has no way to authenticate the original message from Alice. He can't know that the public key he has been sent is really from Alice and not his wife spoofing Alice's address because she suspects Alice is a mistress. Bob is, how we say, 'screwed'.

    The only way it can work is if someone counter signs for Alice that Bob already trusts. With SSL and the 3rd party CA system it's doable because companies only have so many Web servers they are willing to pay Verisign or GeoTrust to essentially act as a notary. They won't do this for every employee that wants to send mail, the general public can't be arsed to do it either. So the CA model does not work.

    Hence we have the web of trust model. This depends on your belief that most people in that web are responsible about who they 'trust' as authentic sources of keys. It assumes that most senders properly guard their private keys, or even understand they need to guard them and against what. There is zero evidence to suggest the general public has this understanding or capability.

    Then there is the problem of web mail. If everyone is just going to hand Google (I am picking on them because of the popularity of GMail) their private keys we are ONE breach away from the entire system crashing down. If you implement some kind of client side encryption with javascript we are still ONE breach away, someone gets in and replaces the javascript with a malicious one, your client trusts it because well it came from Google's server. It also makes webmail inherently unportable because you have to bring your key with you and what, enter it into every untrusted system all the time?

    The GP is right, the problem is key management.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
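  Added example, not code from the thread or from PGP/GnuPG: a Python model of the key-validity problem bmo (#16) and DarkOx (#19) are arguing about. bmo's Alice/Bob exchange is reproduced with a substituted key in the mail, which shows why Bob cannot tell the two keys apart on his own, and then the web-of-trust introducer rule that DarkOx describes is applied to them. The validity rule is the classic GnuPG default (a key is valid if certified by the owner's own key, by one fully trusted key, or by three marginally trusted keys, each certifier's key itself having to be valid, to a limited depth); the code assumes the signature bytes on each certification have already been verified, so only the trust decision is modelled. All key IDs, user IDs and the keyring contents are constructed for the example.

```python
"""Why "just email me your public key" is not enough, and what the web of trust adds.

Model (added example): a keyring holds keys; each key carries certifications
("signer X vouched that key K belongs to user U"). The signatures themselves
are assumed to be cryptographically verified already; what is decided here is
whether the signer is someone the keyring owner trusts as an introducer.
"""
from dataclasses import dataclass, field


@dataclass
class Key:
    keyid: str
    uid: str
    certified_by: set = field(default_factory=set)   # key IDs with a verified certification


class Keyring:
    # GnuPG's classic defaults: --completes-needed 1 --marginals-needed 3 --max-cert-depth 5
    COMPLETES_NEEDED = 1
    MARGINALS_NEEDED = 3
    MAX_DEPTH = 5

    def __init__(self, my_keyid: str):
        self.keys = {}
        self.owner_trust = {my_keyid: "ultimate"}   # levels: ultimate | full | marginal | none

    def add(self, key: Key) -> None:
        self.keys[key.keyid] = key

    def trust(self, keyid: str, level: str) -> None:
        self.owner_trust[keyid] = level

    def is_valid(self, keyid: str, depth: int = 0) -> bool:
        """Is this key accepted as really belonging to the user ID it claims?"""
        if self.owner_trust.get(keyid) == "ultimate":
            return True                                 # my own key
        if depth >= self.MAX_DEPTH or keyid not in self.keys:
            return False
        completes = marginals = 0
        for signer in self.keys[keyid].certified_by:
            if signer == keyid:
                continue                                # a self-signature proves nothing about identity
            level = self.owner_trust.get(signer, "none")
            if level == "none" or not self.is_valid(signer, depth + 1):
                continue                                # untrusted, or itself unverified, introducer
            if level in ("ultimate", "full"):
                completes += 1
            elif level == "marginal":
                marginals += 1
        return completes >= self.COMPLETES_NEEDED or marginals >= self.MARGINALS_NEEDED


def bobs_dilemma():
    """bmo's exchange with DarkOx's attacker in the middle of it."""
    ring = Keyring("BOB")
    ring.add(Key("BOB", "bob@example.org", {"BOB"}))
    # Two keys arrive by mail, both claiming alice@example.org: Alice's real one
    # and one Mallory slipped in. Both are self-signed; nothing distinguishes them.
    ring.add(Key("ALICE", "alice@example.org", {"ALICE"}))
    ring.add(Key("MALLORY", "alice@example.org", {"MALLORY"}))
    before = (ring.is_valid("ALICE"), ring.is_valid("MALLORY"))
    # Carol met Alice, checked her ID and key fingerprint, and certified the real key.
    # Bob has certified Carol's key himself and marks her a fully trusted introducer.
    ring.add(Key("CAROL", "carol@example.org", {"CAROL", "BOB"}))
    ring.trust("CAROL", "full")
    ring.keys["ALICE"].certified_by.add("CAROL")
    after = (ring.is_valid("ALICE"), ring.is_valid("MALLORY"))
    return before, after                                # ((False, False), (True, False))


def marginals_demo():
    """Three marginal introducers add up to a full one; two do not."""
    ring = Keyring("BOB")
    ring.add(Key("BOB", "bob@example.org", {"BOB"}))
    ring.add(Key("ALICE", "alice@example.org", {"ALICE"}))
    for kid in ("DAVE", "ERIN", "FRANK"):
        ring.add(Key(kid, f"{kid.lower()}@example.org", {kid, "BOB"}))
        ring.trust(kid, "marginal")
    ring.keys["ALICE"].certified_by.update({"DAVE", "ERIN"})
    two = ring.is_valid("ALICE")
    ring.keys["ALICE"].certified_by.add("FRANK")
    three = ring.is_valid("ALICE")
    return two, three                                   # (False, True)


if __name__ == "__main__":
    print("before/after Carol certifies:", bobs_dilemma())
    print("two vs three marginal introducers:", marginals_demo())
```

  The `before` result is DarkOx's point in one line: with nothing but the two emailed keys, the real one and the spoof are equally invalid, so Bob has to either compare fingerprints with Alice out of band or rely on an introducer he already trusts. The `after` result is what a certification from a trusted introducer buys, and `marginals_demo` shows the accumulation rule that lets several less-trusted vouchers substitute for one fully trusted one.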