Chinese Outlook email traffic came under attack this weekend


On Saturday, Outlook users in China began seeing an ominous error message. When they tried to retrieve mail, an error popped up saying that Outlook was unable to verify the identity of the mail server. According to a new report from the watchdog group Great Fire, someone was sitting between the client and the server for a full day, collecting the mail and potentially even altering it on the fly. It's called a man-in-the-middle attack, and since Outlook was serving its messages over HTTPS, users were alerted by an error message as soon as the attack happened. Unfortunately, in many cases users will simply click "continue," ignoring the attack and forfeiting any protection the encryption provides. Notably, the attack didn't target web users on login.live.com or hotmail.com, instead focusing on the IMAP and SMTP servers that serve mail to Outlook clients.

There was no direct evidence indicating who was responsible, but Great Fire named the Chinese government as the prime suspect, since it would be difficult to pull off such an attack without comprehensive access to the country's telecom infrastructure. It would be a new kind of attack for Chinese authorities, and Great Fire suspects the attack was most likely a test run. "By keeping track of how many users ignore the certificate warnings, the authorities will be able to determine the effectiveness of this type of attack," the report says. It's a reminder that users should always hit "cancel" when faced with a server identity error, whether in China or elsewhere. It's also troubling news for Chinese users, who are left with fewer and fewer options for private communication. Gmail is still unavailable for users on the mainland, and in October, the country staged a similar attack on iCloud.