Great Firewall of China Is Intercepting Yahoo Searches in China
Web Services
The Chinese government has been orchestrating a continuous so-called man-in-the-middle attack against Yahoo in China, to monitor netizens’ online activities.
The nearly unprecedented tactic comes as thousands of protestors swarm the streets of Hong Kong insisting that the government allow real democracy in the autonomous region.
With a MITM attack, the government can manipulate communications between users and the search engine – communications which are normally secret-coded. Censors also can block search terms or specific Yahoo links to prevent Chinese users from seeing information about the uproar.
Apparently “the MITM is performed somewhere in China, just 6 or 7 router hops away from the users,” according to a blog post by Netresec researchers.
The government procured a fake certificate to break the encryption. Certificates ensure a coded connection really goes to the intended recipient, in this case Yahoo. By inserting a fraudulent certificate, an attacker can drop into the middle of the virtual conversation and toy with the connection.
The researchers analyzed the questionable certificate and found it was “self-signed” by the certificate-holder rather than a trusted certificate authority.
“The fact that the MITM uses a self-signed certificate makes the attack easily detectable even for the non-technical user, since the web browser will typically display a warning about the site not being trusted,” Netresec reports.
However, users often click through these warning messages without a second thought.
The assault was first reported on Sept. 30 by GreatFire, a group that tracks Chinese censorship.
"We think the Chinese authorities feel Yahoo is too big to block all together," Greatfire member Percy Alpha told Mashable. "But the Hong Kong protest means that some articles have to be censored."