Henry Dalziel | Concise Bytes | September 22, 2013
During your security training and career you will hear, many times, the term “Man In The Middle” which is very often abbreviated to simply MITM.
What is a Man In The Middle (MITM) attack?
A Man In The Middle attack, from an information security perspective, is best defined as “eavesdropping”.
The attacker (the hacker) inserts himself into the conversation a user is having with ‘the Internet’ or with another person. There are countless ways we interact with people, processes and systems when online, and clearly a lot of that will be sensitive. Central to this attack, from the hacker’s point of view, is being able to place themselves between the end-user and the Internet TCP/IP connection. (The attack has incidentally been covered many times by our Hacker Hotshot speakers, notably our 15-minute demonstration of VoIP hacking, exploitation and prevention, “Skype Man-In-The-Middle Attack using Wireshark and via the SIP/VoIP Protocol”.)
Of course, neither party must know that the attacker has placed themselves in the middle and that their conversation is being bridged and channeled exclusively through the hacker.
For a successful Man In The Middle attack, the attacker must be able to intercept every message passing between the two victims, and also be able to inject messages, or clear-text, into the compromised conversation.
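The two requirements just stated (the attacker sees every message, and can inject into the conversation) are easiest to see in a small simulation. The Python below is an added example, not code from the original post: it models Alice, an interposed relay and Bob inside one process, with a constructed shared key and constructed messages. In clear-text the relay reads and rewrites the message and Bob has no way to notice; when Alice appends an HMAC tag, Bob detects the injection. Note that the relay still reads the authenticated message, so an integrity check alone defeats only the injection half of the attack; the eavesdropping half needs encryption as well.

```python
from __future__ import annotations

import hashlib
import hmac

# Constructed shared secret for this demo only. In a real protocol the key
# comes from a key exchange the interposed party cannot read or alter, which
# is exactly what a Man In The Middle attack tries to subvert.
DEMO_KEY = b"demo-shared-secret-not-for-production"


def authenticate(key: bytes, message: bytes) -> bytes:
    """Alice's side: append an HMAC-SHA256 tag so Bob can check integrity and origin."""
    tag_hex = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return message + b"|" + tag_hex


def verify(key: bytes, wire: bytes) -> tuple[bool, bytes]:
    """Bob's side: split message|tag and recompute the tag. Returns (ok, message)."""
    message, sep, tag_hex = wire.rpartition(b"|")
    if sep != b"|":
        return False, wire
    expected = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    # compare_digest avoids leaking the tag through timing differences.
    return hmac.compare_digest(expected, tag_hex), message


def middle(wire: bytes, tamper_with: bytes, replacement: bytes) -> tuple[bytes, bytes]:
    """The interposed party: sees every byte (eavesdropping) and may rewrite
    them before forwarding (injection). Returns (what_it_saw, what_it_forwarded)."""
    seen = wire
    forwarded = wire.replace(tamper_with, replacement)
    return seen, forwarded


def run_exchange(message: bytes, authenticated: bool) -> dict:
    """Alice -> middle -> Bob. Reports what the middle learned and whether Bob
    accepted what arrived and whether it differed from what Alice sent."""
    wire = authenticate(DEMO_KEY, message) if authenticated else message
    seen, forwarded = middle(wire, b"100", b"900")
    if authenticated:
        ok, received = verify(DEMO_KEY, forwarded)
    else:
        ok, received = True, forwarded  # clear-text: Bob has nothing to check
    return {
        "middle_saw": seen,
        "bob_received": received,
        "bob_accepted": ok,
        "tampered": received != message,
    }


if __name__ == "__main__":
    # Constructed sample message.
    msg = b"transfer 100 to bob"
    for mode in (False, True):
        result = run_exchange(msg, authenticated=mode)
        label = "authenticated" if mode else "clear-text"
        print(f"{label}: middle saw {result['middle_saw']!r}")
        print(f"{label}: Bob got {result['bob_received']!r}, "
              f"accepted={result['bob_accepted']}, tampered={result['tampered']}")
```

In the clear-text run Bob accepts “transfer 900 to bob” as if Alice had sent it; in the authenticated run the rewrite is caught because the tag no longer matches, but the relay has still read the original message in full.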
Different Types of Man In The Middle attack
As you can imagine, there is complexity in the subject and there is not simply ‘one type of Man In The Middle attack’ – rather, the term describes a category of attack. Here are a few types of MITM attacks:
The recent and best known MITM Attacks/ Hacks
If you are reading this any time in 2013 you will have heard of the NSA Scandal, if not then you have been living in a cave. Well, as it turns out, the NSA have basically been doing the world’s largest and most epic form of MITM attack. One of the key revelations of the NSA Scandal (through Edward Snowden) was that GCHQ (the UK’s equivalent of the NSA) has a “Top Secret” program called “Flying Pig” which essentially imitated Google’s servers.
Another recent MITM attack, once again, was managed by GCHQ. This time, on September 20th 2013, a cyber attack was committed against Belgium’s largest telecommunications company (Belgacom). The Belgian government is calling this “state-sponsored espionage”, and it has almost certainly greatly damaged the UK’s standing with Belgium and the EU.
MITM is obviously a vast subject and it is difficult to do it justice here, but let us know your thoughts if we should add a paragraph or section to this post. We’d especially be interested to hear about examples and ‘famous MITM attacks’ so that we can continue to grow this post and Concise Bytes!