China Using Man-In-The-Middle Attack Against Google
#1
One of the most shocking revelations from the Snowden documents was that the NSA and GCHQ are running "man-in-the-middle" (MITM) attacks against Google -- that is, impersonating the company's machines so as to snoop on encrypted traffic to them. They are able to do that through the use of secret servers, codenamed Quantum, placed at key places on the Internet backbone, which therefore require the complicity of the telecom companies. Of course, in countries like China, arranging for Internet streams to be intercepted in this way is even easier, so perhaps the following story on greatfire.org should come as no surprise:
Quote:From August 28, 2014 reports appeared on Weibo and Google Plus that users in China trying to access google.com and google.com.hk via CERNET, the country's education network, were receiving warning messages about invalid SSL certificates. The evidence, which we include later in this post, indicates that this was caused by a man-in-the-middle attack.
Greatfire.org's analysis of why China is using MITM attacks against Google on the education network, rather than simply blocking access completely, is particularly interesting. The problem for the Chinese authorities is that Google has now implemented HTTPS by default:
Quote:Google enforced HTTPS by default on March 12, 2014 in China and elsewhere. That means that all communication between a user and Google is encrypted by default. Only the end user and the Google server know what information is being searched and returned. The Great Firewall, through which all outgoing traffic from China passes, only knows that a user is accessing data on Google’s servers -- not what that data is. This in turn means that the authorities cannot block individual searches on Google -- all they can do is block the website altogether. This is what has happened on the public internet in China but has not happened on CERNET.
The reason is that access to Google is simply too important for the research community in China. Blocking Google entirely would therefore be counterproductive for the country's future:
Quote:The authorities know that if China is to make advances in research and development, if China is to innovate, then there must be access to the wealth of information that is accessible via Google. CERNET has long been considered hands off when it comes to censorship, for this very reason.
The MITM approach offers the perfect solution: it allows researchers to get most of the benefit of Google's huge Internet index, but can be used to block selective search queries or results when people try to access sites or information that Chinese authorities want to censor. As the Greatfire.org post suggests, the increasing use of encrypted connections for online services means that MITM attacks are likely to become much more common -- and not just in China.

Originally Published: Wed, 10 Sep 2014 10:43:23 GMT
source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Why is using crypto so hard for people? Ladyanne3 3 1,941 Mar 13, 2024, 13:25 pm
Last Post: heroskeep
  Using tor to torrent Fistandantilus 3 6,348 May 18, 2023, 09:17 am
Last Post: RodneyYouPlonker
  Anyone using ArcaOS ? Ladyanne3 2 6,693 Mar 10, 2023, 12:58 pm
Last Post: Fant0men
  Is it possible for your personal IP address to be identified when using a VPN? didnt_doit 9 15,177 Aug 22, 2022, 15:12 pm
Last Post: Slow Mo
  Why is my upload speed so low? (using Tixati) Ladyanne3 7 13,318 Apr 30, 2022, 17:46 pm
Last Post: RodneyYouPlonker



Users browsing this thread: 1 Guest(s)