On Monday, censorship monitor GreatFire.org reported apparent efforts to intercept Chinese Apple users’ data, attributing the attacks to Chinese authorities and warning Apple that its efforts to maintain a “cozy and snuggly relationship” with them would not protect it from interference. But Chinese Foreign Ministry spokeswoman Hua Chunying brushed off the suggestion in a Tuesday press briefing, Xinhua reports:
“I have no information of this report yet,” Chinese Foreign Ministry spokeswoman Hua Chunying said at a daily news briefing.
“China is resolutely opposed to hacker attacks in all forms and China itself is a major victim of cyber attacks,” she said.
[…] The spokeswoman said “wild guesses and malicious blemish” will not help solve cyber issues. [Source]
The latter comment follows senior diplomat Yang Jiechi’s admonition to Secretary of State John Kerry that “due to mistaken U.S. practices, it is difficult at this juncture to resume Sino-U.S. cyber security dialogue and cooperation.” Last week, People’s Daily Online accused the U.S. of using “gimmicks” to demonize China on cybersecurity:
The documents leaked by Edward Snowden show that US National Security agency has tried to gain access to sensitive data in the global communications industry. The documents describe a range of clandestine field activities that are among the agency’s “core secrets” when it comes to computer network attacks. This clearly reveals the true colors of the US for all its posturing as the world’s policeman.
[…] China defends its cyberspace security resolutely. The Chinese government and military have never launched any cyber attacks. Confronted with threats of internet attack, China remains committed to combating cyberspace crime. The US can smear China all it wants; it will not succeed in erasing its image as a network attacker. [Source]
But many security experts agreed with GreatFire.org’s conclusion that Chinese authorities are strongly implicated in the iCloud attack. From Paul Mozur, Nicole Perlroth And Brian X. Chen at The New York Times:
“All signs point to the Chinese government’s involvement,” said Michael Sutton, vice president for threat research at Zscaler, a San Jose, Calif., security company. “Evidence suggests this attack originated in the core backbone of the Chinese Internet and would be hard to pull off if it was not done by a central authority like the Chinese government.”
The targeting of Yahoo, Google and Apple also potentially reveals a new Chinese government effort to adapt to initiatives by Internet companies — most notably new encryption techniques — to protect user data from government spying.
“The Chinese government could no longer sniff traffic, so they intercepted that traffic between the browser and the iCloud server,” Mr. Sutton said.
[…] “As more sites move to encryption by default — which prevents the censorship authorities from selectively blocking access to content — the Chinese authorities will grow increasingly frustrated with their ability to censor that content,” said [a] GreatFire spokesman. [Source]
Others quoted by the BBC and The Wall Street Journal agreed, though the consensus was not quite complete. From Scott Thurm:
[… S]ome security analysts raised skepticism that Beijing, with sizable resources at its disposal, would order an attack that is so easily detected.
“This doesn’t seem like the sort of attack an adversary with the resources of a government would attempt, since connecting users would see a very obvious security warning from their browser. It’s more likely the sort of attack you’d see from someone with limited resources,” said Kevin Milner, a researcher working on Internet infrastructure security at Oxford University. [Source]
The Intercept’s Morgan Marquis-Boire suggested to Motherboard that the attack’s extreme bluntness could be a deliberate message.
Without specifically referring to China or the GreatFire.org report, Apple published a new support document on verifying browser connections to iCloud.com. “Apple is deeply committed to protecting our customers’ privacy and security,” it said. “We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.”