iCloud allegedly attacked by the Chinese state.

Published: October 21, 2014 11:24 PM /



The cloud revolution was announced, then it came, and according to some people, it is long behind us. Not because it failed or course, but because it was so successful. But in a world where personal information is sent across networks, no longer stored on a device that we keep close to us, like an old fashioned address book, the question of how cloud services can assure security remains paramount.

In China, where the government is less apologetic about the lengths it will go to spy on it's citizens, it appears that a 'Man in The Middle attack' is being carried out at the scale of the country's metaphoric 'great fire wall' (see: Golden Shield Project). The attack interjects a third entity between users and servers, allowing that hidden party to gather usernames and passwords which can then be used to access all information stored on the real server.

Users who accepted this false certificate turned over their data

Greatfire.org, a website dedicated to monitoring and combating online censorship in China, has provided technical evidence to substantiate these allegations. Apple was already facing some heat after pulling anti-censorship apps from it's iStore and also it's recent decision to move iCloud storage of Chinese user data to centers within mainland china.This latest attack on the the ability of Chinese citizens to freely access the web coincides not only with the release of the iPhone 6 in that country, but also with ongoing pro-democracy protests in Hong Kong. The timing raises questions as to whether or not the government of that country is preparing itself against the kind of social media fueled political uprisings that have shaken totalitarian regimes across the middle east.

Of course, no one should pretend that this kind of spying only goes on in repressive countries like China.  In comparison to the NSA use of 'fiber-optic splitters' to copy and filter data directly from the telecommunications backbone, a MITM attack seems rather quaint. Furthermore, it was reported earlier this year that the NSA had capitalized on the Heartbleed bug to steal passwords and other sensitive information.


In fact, here's some information on how the entire NSA program works.

Have a tip, or want to point out something we missed? Leave a Comment or e-mail us at tips@techraptor.net