What is a Man in the Middle Attack? (Part of the ‘Concise Byte Series’)


Henry Dalziel | Concise Bytes | September 22, 2013

This is part of our new Concise Bytes Series, where we take a look at common InfoSec concepts, or indeed any important IT technology, concept or process that can be associated with Information Security. Many within our community, and many visitors to our blog, are students, which is why we are offering this ‘Bite Size’ resources section! If you are a professional and know the answer, then we’d really appreciate your comments below to correct or append this post!

During your security training and career you will hear the term “Man In The Middle” many times; it is very often abbreviated to simply MITM.

What is a Man In The Middle (MITM) attack?
A Man In The Middle attack, from an information security perspective, is best defined as “eavesdropping”.

The attacker (the hacker) forces themselves into the conversation a user is having with ‘the Internet’ or with another person. There are countless ways we interact with people, processes and systems when online, and clearly a lot of that traffic will be sensitive. Central to this attack (which, incidentally, has been covered many times by our Hacker Hotshot speakers, notably our 15 minute demonstration of VoIP hacking, exploitation and prevention, “Skype Man-In-The-Middle Attack using Wireshark and via the SIP/VoIP Protocol”), from the hacker’s point of view, is being able to place themselves between the end user and their TCP/IP connection to the Internet.

Neither party must, of course, know that the attacker has placed themselves in the middle and that their conversation is being bridged and channelled exclusively through the hacker.

For a successful Man In The Middle attack, the attacker must be able to intercept every message passing between the two victims, and also be able to inject messages or clear text into the compromised conversation.

Different Types of Man In The Middle attack
As you can imagine, there is complexity in the subject and there is not simply ‘one type of Man In The Middle attack’ – rather, the term describes a category of attack. Here are a few types of MITM attack:

  • ARP poisoning
  • WiFi WEP/WPA/WPA2 hacking
  • DNS spoofing
  • STP mangling
  • Port stealing
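As an added illustration (not part of the original post), the following Python script shows how a defender can spot the first item on that list, ARP poisoning, by watching a stream of ARP replies for two symptoms: an IP address whose MAC binding suddenly changes, and a single MAC that claims both the gateway and another host. The gateway address, MAC values and reply records are constructed sample data, not captured traffic.

```python
"""Detect ARP-cache poisoning symptoms in a stream of ARP reply records."""
from collections import defaultdict

# Constructed sample ARP replies: (timestamp, claimed IP, MAC in sender field).
# 192.168.1.1 is assumed to be the gateway. From t=30 a second MAC starts
# answering for the gateway and then for a host, the classic poisoning pattern.
SAMPLE_ARP_REPLIES = [
    (0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (5, "192.168.1.10", "aa:bb:cc:00:00:10"),
    (12, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (30, "192.168.1.1", "de:ad:be:ef:00:99"),
    (31, "192.168.1.10", "de:ad:be:ef:00:99"),
    (45, "192.168.1.1", "de:ad:be:ef:00:99"),
]


def detect_arp_poisoning(replies, gateway_ip):
    """Return a list of alert strings for the two symptoms described above.

    1. An IP previously bound to one MAC is now claimed by another MAC.
    2. One MAC claims the gateway and at least one other host, i.e. it now
       sits between that host and its path to the Internet.
    """
    ip_to_mac = {}                  # last MAC seen for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in replies:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"t={ts}: {ip} changed from {previous} to {mac}")
        ip_to_mac[ip] = mac
        if ip in mac_to_ips[mac]:
            continue                # nothing new learned about this MAC
        mac_to_ips[mac].add(ip)
        others = mac_to_ips[mac] - {gateway_ip}
        if gateway_ip in mac_to_ips[mac] and others:
            alerts.append(
                f"t={ts}: {mac} claims gateway {gateway_ip} and {sorted(others)}"
            )
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_REPLIES, "192.168.1.1"):
        print(alert)
```

On a real network the records would come from a packet capture or the host's ARP table; a static ARP entry for the gateway or switch-level dynamic ARP inspection is the usual mitigation once the symptom is confirmed.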

Recent and best-known MITM attacks/hacks
If you are reading this any time in 2013 you will have heard of the NSA Scandal; if not, then you have been living in a cave. Well, as it turns out, the NSA has basically been carrying out the world’s largest and most epic form of MITM attack. One of the key revelations of the NSA Scandal (through Edward Snowden) was that GCHQ (the UK’s equivalent of the NSA) has a “Top Secret” program called “Flying Pig” which essentially imitated Google’s servers.

Another recent MITM attack was, once again, managed by GCHQ. This time, on September 20th 2013, a cyber attack was committed against Belgium’s largest telecommunications company (Belgacom). The Belgian government is calling this “state-sponsored espionage”, and it has almost certainly greatly damaged the UK’s standing with Belgium and the EU.

In Summary
MITM is obviously a vast subject and it is difficult to do it justice here, but let us know if you think we should add a paragraph or section to this post. We’d especially be interested to hear about examples and ‘famous MITM attacks’ so that we can continue to grow this post and the Concise Bytes series!

Leave a comment or reply below... thanks!