Suspected Chinese government hackers behind new iCloud account attack

Here we go again.

Suspected hackers working for the Chinese government are believed to be behind a new series of attacks aimed at the accounts of iCloud users in that country.

The attacks on the iCloud service began on Monday, security experts quoted in The Guardian said. The new iPhone 6 and 6 Plus was released that day in China.

The attacks are thought to be the so-called “man-in-the-middle” type. In this case, the attacks occurred when data passing between a user to the iCloud service, is intercepted and tricked into routing the data to a third party instead. In this case, the hackers themselves.

More specifically, the Chinese cyber criminals used a self-signed certificate, which bluffed Web browsers with false information: that access to the iCloud site was through a secure connection. Once the browser takes the bait, hackers basically have unfettered access to that individual’s account.

Apple takes their security seriously and assured users they were working to plug the holes. Apple suffered a series of embarrassing breaches earlier this year in which accounts of Hollywood celebrities saw their accounts accessed. Some of the celebrities had nude photographs of themselves posted to websites without their authorization.

The Chinese Internet freedom advocacy group GreatFire.org said the attacks bore some of the hallmarks of earlier breaches against GitHub, Yahoo, and Microsoft. And it places the blame for today’s attacks squarely on the backs of the Chinese government.

Microsoft has been under steady fire by the Chinese government for suspected antitrust violations since the summer. U.S. intelligence officials believe that possible information given to Chinese authorities by former NSA contractor Edward Snowden in Hong Kong may be behind the clampdown — at least in the case of Microsoft, which has a large presence in the country. Snowden fled first to Hong Kong before flying to Moscow, where he remains.

GreatFire said in a blog post:

“This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc. Unlike the recent attack on Google, this attack is nationwide and coincides with the launch today in China of the newest iPhone. While the attacks on Google and Yahoo enabled the authorities to snoop on what information Chinese were accessing on those two platforms, the Apple attack is different.

“If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities. Many Apple customers use iCloud to store their personal information, including iMessages, photos, and contacts. This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland.”

Apple did not immediately return a request for comment.