The attack, first reported on Monday by Greatfire.org, an activist group that monitors Internet censorship in China, was confirmed Tuesday by Apple. It issued a statement in English and Chinese saying the company was “aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously.”
Greatfire.org blamed the Chinese government, saying the attack resembles those launched in recent months by government hackers against other American technology companies, including Google and Yahoo. “We’re 100 percent certain,” said Percy Alpha, who like other members of Greatfire.org uses a pseudonym to avoid detection by government officials. “If you see the techniques, it coincides with previous attacks.”
The group said that the full geographic extent of the attack is unknown. It centered on a single IP address, which Apple stopped using for its iCloud service on Tuesday, according to Greatfire.org. The group speculated that China was hoping to collect user names and passwords for iCloud because the newest iPhones will include a strong new form of encryption that governments will have a difficult time cracking, limiting their ability to monitor the communications of their citizens.
China denied responsibility for the attacks. "I have no information of this report yet," Chinese Foreign Ministry spokeswoman Hua Chunying said at a daily news briefing in Beijing on Tuesday. "China is resolutely opposed to hacker attacks in all forms, and China itself is a major victim of cyber attacks."
Apple said the attack did not compromise the company’s iCloud servers and does not appear to affect users in other countries. The company did not blame the Chinese government or anyone else for the attack, devoting most of its public notice to warning users about how to avoid falling victim. Security of the iCloud service has been a sensitive issue for Apple since hackers this summer stole intimate photos from the accounts of Hollywood celebrities and posted the images on the Internet.
Encrypted Web sites typically display an icon of a closed lock to indicate that communications are protected. Most browsers popular in the United States – Safari, Chrome, Firefox and recent versions of Internet Explorer – can detect a man-in-the-middle attack and warn users against connecting with the insecure site. Customers attempting to reach iCloud from their iPhones or Apple Mac computers also would be protected against a man-in-the-middle attack, the company said.
Some browsers on laptop or desktop computers, however, give users the option of connecting anyway, even after posting a warning box. “A lot of users are likely to just click through this, and that’s something to worry about,” said Jonathan Zdziarski, a security researcher based in New Hampshire.
Greatfire.org said that at least one browser popular in China, the Qihoo 360 browser, does not warn against man-in-the-middle attacks, leaving users vulnerable to having their data stolen.
William Wan contributed to this report from Beijing.