The U.S. Federal Bureau of Investigation warned U.S. Businesses in early October that hackers it believes to be backed by the Chinese government have recently launched attacks on U.S. Companies.
Days later, Apple’s iCloud storage service China was attacked by hackers trying to steal user credentials. Greatfire.org, a Chinese web monitoring group, broke the news online and adds that it believes that Beijing’s Cyberspace Administration of China is behind the campaign.
Using what is known as a man in the middle attack to intercept user data. This is when the attacker intercepts messages and then retransmits them, substituting his own key for the requested one, so that the two original parties still appear to be communicating with each other. Earlier in the day, Google and Yahoo faced similar attacks.
The attack coincided with the release of the new iPhone 6 and iPhone 6 Plus in China. Apple added new security measures to its latest phones, designed to limit government and law enforcement surveillance of users.
Ironically, China’s Ministry of Industry and Information Technology accused Apple’s iPhone of posing a threat to China’s national security and delayed the release. Bowing to government pressure, Apple’s iCloud data storage was shifted to China Telecom, which was the target of the attack.
Greatfire.org explains that since the attacks appear to originate from “deep within the Chinese domestic Internet backbone” data interception would not have gone unnoticed by Chinese Internet providers.
The timing of the hack could be related to tens of thousands of Hong Kong citizens taking to the streets seeking freedom from the mainland Chinese government. Chinese authorities could gain access to photos and data stored on iCloud related to the Hong Kong protests.
This operation does not just affect China, but for Internet users everywhere in the world. In December, news emerged that the Cyberspace Administration of China was now in charge of China Internet Network Information Centre; the authority that issues digital certificates to Web sites here. Web browsers all over the world are now trusting the Chinese government to tell it which sites are genuine.
Foreign companies are bending over backwards to comply in exchange for market access. These attacks are these companies paying the price for that privilege.
Policies mandate that vendors file sensitive IP, such as source code, with the Chinese government. While foreign entities are hesitant to adhere to these policies, the potential for impressive profits in China makes compliance tempting. And to the extent that they do comply, experts say, the companies’ hardware and software become vulnerable to Chinese hackers who could obtain those keys.
Incidentally, Apple posted the biggest quarterly profits in its history thanks partly to booming sales of the iPhone 6 in China, revealing that it sold more iPhones in China than in the US in the final quarter of 2014.