Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Chinese Authorities Allegedly Harvesting iCloud Logins Using Redirected Dummy Site
- Thread starter MacRumors
- Start date
- Sort by reaction score
Or the NSA finds holes in the OS and never tells apple. It's not hard and has happened many times (every jailbreak exploits one of these holes). These guys are among the smartest people in the world. I hope Apple's servers are 100% secure but I'm not crazy enough to think it would take magic to access their servers. Computers CAN be cracked.
You are right there isn't much difference between the Chinese government and the NSA.
Neat, the downvote came back...very briefly.
Oh, on topic... I would put it more at skepticism... emphasis on "people who dislike China believing everything at the onset" rather than "conspiracy", but yours works too.
Probably.
Edit: I just realized I may have made it sound like I downvoted you (I didn't).
Last edited:
China: "All your nudes are belong to us!!"
That takes me way back...to when "funny animations" websites were still a thing and Macromedia Flash was a synonym for "jagged".
Phishing isn't exactly right; it would be phishing if there had been an email sent out or a bad link seeded on search engines that was directing people to this fake login page.
This is different, because it is an attack relying on the Chinese government's Great Firewall control of the entire network to redirect requests to a particular IP address--one of the ones used by iCloud.com (apparently they're not currently targeting all of them)--to the scam site.
Such an attack could be instituted on any compromised network--for example, a bad-acting WiFi network, or a hacked corporate network, but it is not referred to as phishing in those cases, either, it's a Man In The Middle attack. Such an attack can often be foiled by the same means that phishing attacks are stopped--the security cert doesn't check out, for example, as in this case--but the method and vector of attack are entirely different, even if the end destination--a fake login page--is the same.
Phrased differently, if you get phished, you unwittingly log into http://www.iclud.com or scam.com/icloud.com or something of the sort. If you get MITM'd, you are logging into iCloud.com, but it isn't actually the server that's supposed to be behind iCloud.com. They're far more insidious.
----------
While theoretically possible, because of the way this attack is being carried out, it would require compromising of the network at a very low level outside China's borders.
It's very easy for the Chinese government to do such redirect MITM attacks because of the Great Firewall. The rest of the internet it certainly can be done--we've all read about the US government's wanton data scraping of traffic passing through hubs--but it would represent a new level of intrusive behavior of corrupting DNS/routing traffic directly rather than passive observation, something that would require both compliance by a major US network provider and cause global outrage from allied countries and the entire technology sector if they were caught, plus it would be additionally difficult to make it look like the redirect was being caused by the GFW and pointing to a PRC-controlled server.
Additionally, the PRC has an existing record of doing such things, while if it wasn't them they'd have every reason to deny it and point fingers for political points and the massive international embarrassment it would cause the US. It would also be additionally easy for them to prove that it wasn't them, since the redirect would by necessity have to happen in networks outside their borders.
Point being, while a false flag operation is hypothetically possible, it doesn't really pass the smell test for both technological and political reasons.
Two Step, two step with us.
----------
Oh great even more work for the appointed great firewall nude photos expert to sift through. Going to be more late nights.
FYI, this is a real job
----------
Oh great even more work for the appointed great firewall nude photos expert to sift through. Going to be more late nights.
FYI, this is a real job
When you have equipment accessing the core fibre trunk in every major Central Office in the country, you don't need to do any site spoofing like this.
----------
Hit the Chinese Democracy sites across the web. You are closer than you think.
Makes you appreciate more even the basic freedoms we have in the USA. Only thing, since all my Apple gear is actually manufactured in China... I hope someone is checking the chips to make sure there is nothing funny going on in there...
Beware of "Privacy Proxies"
If you use any of these for 'Privacy' filtering proxies, you are risking yourself to exposing your personal data (including login information) to the Chinese government or any other authority, entity, hacker, etc.
If you use any of these for 'Privacy' filtering proxies, you are risking yourself to exposing your personal data (including login information) to the Chinese government or any other authority, entity, hacker, etc.
I understand that. I also understand it can be detected. Apple can create systems that sniff the slightest anomaly, in fact I suspect that they have them. I implied magic because well...
You would have to have someone figure out an exploit for a vulnerability. That exploit can not be detected when used. If it was detected Apple could quite easily go public with it. Who would look bad then? Not only that, but I would bet that Apple has people that attack the systems Apple puts in place (pen testing). I am sure that Apple does not want to get sued because of an information leak.
I'm not sure I'd leave the UK even if we did something ridiculous like leaving the EU as all my friends and family are here...
My point is that over the past 20-30 years China's government has made huge strides in almost every area, including human rights, whereas our governments haven't achieved all that much over the same time period. Some of that is because our countries were better governed to start with, but not all.
They have made huge strides from where they use to be but they are no where close to the united states/UK human rights.
But in terms of getting stuff done their government has been massively successful. Sure China could become a western style democracy, I think they'd be disappointed.
FWIW India is democratic and it has pretty poor human rights for those in poverty in the countryside.