Chinese government cyber division accused of hacking Google

By:

A wing of the Chinese government has been accused of being behind a recent attack on Google, as well as previous hacks on Microsoft, Apple and Yahoo.
 
Anti-censorship organisation GreatFire.org today highlighted a recent admission by Google that it had been the subject of a “man in the middle” (MITM) attack which it traced back to the China Internet Network Information Center (CNNIC). 
 
This is the agency responsible for internet affairs under the Ministry of Information Industry of the People's Republic of China. 
 
Google posted a blog on Monday saying it had become aware that a company called MCS Holdings had issued “unauthorised digital certificates for several Google domains”, and that MCS had been contracted by CNNIC.
 
"The mis-issued certificates would be trusted by almost all browsers and operating systems,”  security engineer Adam Langley, said in the blog.
 
Man-in-the-middle attacks allow the perpetrator to intercept secure traffic, and can be used to harvest information including passwords. 
 
Langley said there was “no indication of abuse and we are not suggesting that people change passwords or take other action”.  
 
"At this time we are considering what further actions are appropriate,” he added. 
 
GreatFire said more action was needed than simply blacklisting the intermediate certificate. 
 
"CNNIC is still trusted by these platforms and the Chinese authority can sign other intermediate certificates in order to launch future MITM attacks,” the organisation said in a blog post.
 
"We once again call for Google, Mozilla, Microsoft and Apple to revoke trust for CNNIC immediately in order to protect Chinese user data and user data worldwide."

Subscribe

Subscribe to the City AM newsletter to have our top stories delivered directly to your inbox.

Subscribe
By signing up to our newsletters you agree to the Terms and Conditions and Privacy Policy.