Man In The Middle Attack Terrible Truth - What is it, Examples and How to Prevent MITM Attack
What is Man In The Middle Attack?
A Man In The Middle Attack (MitM) is a type of cyber-attack in which hackers (attackers) intercept the communication between two parties (usually a user and an application) and gain the ability to modify it. The user has no idea that anything strange is going on. The primary goal of a MitM attack is to obtain valuable information and redirect the collected information to a compromised website. This is the most basic man-in-the-middle attack definition, and as you can see the whole process involves three players: two victims who are NOT aware that there is a man in the middle (the third player) listening to their communication. Since the victims have no clue that they are not talking to each other but to an attacker who sits in the middle, they readily hand over their most crucial information. Bank account logins, social media logins, credit card numbers or corporate emails can easily end up in the hands of digital intruders. By the time the victims suspect something is wrong, it is usually too late; the damage is done. In the corporate world this often means a loss of millions of dollars. Very often a MitM attack is combined with other types of cyber attacks, such as phishing or social engineering. Unfortunately, there are many “black hat” and hacking websites that offer step-by-step man-in-the-middle attack tutorials. The same websites offer the MITM tools that novice hackers need to master to become successful cybercriminals. These tools (which are, by the way, very cheap) are used to grab all the traffic between the client and the server and take over the online communication. The lines below demonstrate how a MitM attack works.
Man In the Middle Attack Example
Let’s keep it simple. Imagine this scenario. You met a girl. You like her, and after a couple of dates you want to impress her and express your affection. You decide to create a simple website, embed a love song and a few photos from the last couple of days you spent together. A great way to say I AM IN LOVE WITH YOU, you think. Thrilled and excited about your unique idea, you buy a domain and hosting. After a few hours of designing, you just need to publish everything and make it live before sending her the URL of the little surprise.
However, you are not aware that your Wi-Fi connection has been compromised because of an unsecured router. There is a man in between. He has access to your email account. That awful man can “see” everything you do, and he is about to ruin your dreams. Finally, you send her an email with the URL that leads to the small surprise. Proud of yourself, you wait for her reaction. BOOM! The reaction is not the one you were hoping for. The man in the middle changed the URL in your email. Instead of opening your cute website, she opens a pornographic webpage with disgusting images. The damage is irreparable. It is too late to explain; you ruined it.
Now, imagine that the girl was a bank and the website was $10,000 you needed to transfer to a bank account or to a business partner in Europe. Instead of landing in the bank account, the money could quickly end up in the hands of Ukrainian hackers. Now that you have a real-life man-in-the-middle attack example in front of you, let’s see what techniques hackers use and what the common types of MitM attacks are. The example above is a typical case of email hijacking.
Man in The Middle Attack Types
There are several types of man-in-the-middle attack, and all of them are equally deceptive and manipulative. It is important to know that the attack can be carried out in two ways. The first, and most used, is to attack using MitM tools or malware. This is also known as a man-in-the-browser attack (MITB).
The second is based on physical proximity to the victim. For instance, the hacker and the victim use the same free wireless access point, set up by the hacker at the airport, a public library or another public place. Once the victim connects to the access point, the victim’s device is compromised. Common to all MitM attacks are two phases of execution: Interception and Decryption. When hackers gain control over the router in a home or office environment, they can easily intercept all data transmitted through the network. However, their job is not finished yet. Once they have intercepted the communication, they need to decrypt the data in order to read it and manipulate it effectively. Here are several types of man-in-the-middle attack to be aware of.
1. Email Hijacking
This is one of the oldest types of MitM attack. As in the example above, the hacker can break into a bank’s email accounts and hijack the email conversation between a client and the bank. At the right moment, the attackers spoof the bank’s email and send the client a malicious document containing their own details and payment instructions. The client follows the instructions and, instead of transferring money to the bank, transfers it to the hackers.
2. Session Hijacking
This attack is also known as cookie hijacking. Cookies are small pieces of data that hold valuable information for accessing websites, for instance our location, pre-filled forms and stored browser passwords. If attackers can intercept and take over a session with a website and gain control over the cookies in the browser, they can use them to easily access sensitive data such as stored credit card numbers and login credentials. This way attackers can play with your identity.
3. HTTPS Spoofing
SSL spoofing doesn’t attack SSL itself. It attacks the transition from non-encrypted to encrypted communication. By installing a false certificate in the victim’s browser, one that carries a piece of code allowing the certificate to connect to a malicious app, an attacker can access all data before it is sent to the app.
4. IP Spoofing
IP spoofing is the most-used spoofing attack. The best-known form is DoS, or Denial of Service, but in the case of a MitM attack the malicious actor uses a legitimate IP address to send malicious packets and that way tricks the systems. The server grants access to the attacker, causing many security threats.
5. DNS Spoofing
DNS cache poisoning, or spoofing, is an attack in which hackers exploit domain name server vulnerabilities, usually changing a website’s address record, and divert traffic from the legitimate server to a fake server, or more precisely to the attacker’s website. Try to access the legitimate website and you’ll be “redirected” to a fake one.
6. SSL Stripping
SSL stripping is a way to downgrade an HTTPS connection to HTTP. Hackers intercept the TLS authentication file sent from the server to the client and expose the session to their control and data manipulation. Instead of the requested https://example.com, the user gets http://example.com.
7. Wi-Fi Eavesdropping
In this case, hackers set up a phony Wi-Fi access point using a legitimate-looking name, or the name of some business or institution. If the victim’s laptop is set to connect to the strongest Wi-Fi signal available, the attackers can use the access point to add the laptop to their domain. This way all traffic from the laptop to the access point is under the attacker’s control.
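Two of the attack types above, SSL stripping (6) and session hijacking (2), are defeated on the server side by response headers: Strict-Transport-Security (HSTS) tells a browser that has seen the site once never to fall back to plain http://, and the Secure, HttpOnly and SameSite cookie attributes keep a session cookie from ever travelling in clear text or being read by injected script. The following Python audit is an added example, not code from the original article; it runs offline over two constructed HTTP responses (one weak, one hardened, both invented for this example, with a made-up `sessionid` cookie) and reports which of those defences are missing. The minimum HSTS age of 180 days is an assumed policy threshold, not a value from the page.

```python
"""Offline audit of an HTTP response for MitM-relevant hardening.

Flags the two conditions that make SSL stripping and cookie hijacking easy:
  - no (or too short) Strict-Transport-Security header, so a browser can be
    downgraded from https:// to http://;
  - session cookies without Secure / HttpOnly / SameSite, so the cookie can be
    sent over plain HTTP or read by a script an attacker injects.
"""
import re

# Constructed sample responses (invented for this example, not captured traffic).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionid=abc123; Path=/\r\n"
    "\r\n"
    "<html>...</html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
    "<html>...</html>"
)

MIN_HSTS_AGE = 180 * 24 * 3600  # assumed policy: at least 180 days


def parse_headers(raw):
    """Split a raw HTTP response into (status_line, [(name, value), ...]).

    Header names are lower-cased so lookups are case-insensitive; the body
    after the blank line is ignored.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def parse_set_cookie(value):
    """Return (cookie_name, {attribute_name_lowercase: attribute_value})."""
    parts = [p.strip() for p in value.split(";")]
    cookie_name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return cookie_name, attrs


def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or None if the header is absent."""
    for name, value in headers:
        if name == "strict-transport-security":
            match = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
            if match:
                return int(match.group(1))
    return None


def audit_response(raw, min_hsts_age=MIN_HSTS_AGE):
    """Return a list of findings; an empty list means both defences are in place."""
    findings = []
    _, headers = parse_headers(raw)

    age = hsts_max_age(headers)
    if age is None:
        findings.append("no Strict-Transport-Security header: browser can be "
                        "downgraded to http:// (SSL stripping)")
    elif age < min_hsts_age:
        findings.append(f"HSTS max-age {age}s is below the {min_hsts_age}s policy")

    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append(f"cookie {cookie} lacks Secure: would be sent over plain HTTP")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie} lacks HttpOnly: readable by injected script")
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"cookie {cookie} lacks SameSite=Lax/Strict")
    return findings


if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit_response(response) or ['no findings']}")
```

Point `audit_response` at the raw response head your own server returns (for example, captured with `curl -i` and saved to a file) and the findings list tells you whether a browser that has visited the site once can still be stripped down to HTTP, and whether a stolen session cookie could be replayed from a plain-text connection.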