Update: Apple is aware of the attack, via CNBC. As expected, Apple’s own servers were not compromised.
Although unconfirmed, GreatFire is reporting that Apple is now the subject of Chinese government hacking attempts. According to the report, the government is using the institutional firewall to redirect traffic directed at iCloud.com to a fake page that resembles the iCloud.com interface almost perfectly.
Like other phishing attacks, this page is pretending to be Apple’s portal but instead intercepts entered usernames and passwords for other means. Although some browsers in China are set up to warn users about these kind of man-in-the-middle attacks, many don’t and (assumedly) many citizens disregard the warnings as the site appears quite genuine otherwise.
If true, the implications for Apple vis-a-vis Chinese relations are huge. Apple and the Chinese government have seen to have a friendly relationship in the past, so it is unclear why the government would want to ‘rock the boat’ with such an attack now. We’ll update if we hear more information or a comment from Apple on the situation.
More information about the attack, including technical logs and trace routes, can be found on the GreatFire website.
FTC: We use income earning auto affiliate links. More.
As you’re not reporting on the actual hacking, but are instead reporting on a report, you should really not use a headline that purports to be factual. This is especially glaring since the very first words of your post are “although unconfirmed”
This kind of writing would receive a failing mark in grade 7.
More important than a failing mark for a blog however is loss of readership, and this is the kind of click baiting that will drive your followers away. I’m already on the fence myself.
The headline specifically says “Chinese Government APPARENTLY phishing…”
The definition of ‘Apparently’ is “as far as one knows or can see”
It specifically states its not absolutely true in the title, get a dictionary out before you bash people.
Sorry, apparently does not cover what this story is reporting. There is no apparent evidence to the writer. You should probably revisit your consultation of the dictionary and look up the word Engadget more aptly used, “allegedly.”
They are not the same thing. Not by a long shot.
“Allegedly” or “reportedly” or blah, blah, blah “says website…”
It’s absolutely a Fake… Why did u write a news with this amount of “fakeness”?
I thought it was pretty much given that the Chinese government watched everything its citizens do. I would be more surprised if the headline was “Chinese Government doesn’t spy on citizens with iCloud accounts” or something to that effect.
I perceive the mandate of 9to5Mac.com is to report on all rumors. I think that this story is valid, and, as a loyal reader, I commend, and thank, 9to5Mac.com for bringing this story to my attention. Keep up the great work!
This is real, I found this since yesterday. Although I can’t confirm that it’s China government behind this, but connect to iCloud did show me warning about the SSL certification is incorrect.
I’m in China, and this sounds exactly what our government does. They’ve already done that to Google.
First, pollute DNS to resolve domain to fake IP addresses for their servers, censor the content, then proxy to the real server. It’s not Apple’s fault, rather a vulnerability in fundamental Internet protocols.
Windows so ugly! Ha
My friend in China did not see this happening when they checked.
The US government is probably taking notes.
What a shame to 9to5mac reporting such a unidentified political rumor!