Man-in-the-Middle Attack: What it is and how to protect yourself
A man-in-the-middle (MITM) attack occurs when someone sits between two computers (such as a laptop and a remote server) and monitors traffic. This person monitors communications between the two machines and steals information.
The Man-in-the-Middle attacks are a serious security problem. Read below how they are made and how to protect yourself.
The "beauty" of MITM attacks is that the attacker does not necessarily have to have access to your computer, either physically or remotely. He or she can just sit on the same network as you and watch the data quietly. A malicious user using MITM may even create their own network and trick you into using it.
The most obvious way to do this is to sit on an unencrypted, public Wi-Fi network, such as at airports or cafes. An attacker can also log in using a free tool such as the Wireshark, capture all packets sent between machines on a network. He or she could then analyze and identify potentially useful information.
Man-in-the-middle attacks have two common forms: the attacker either steals (eavesdrops) or distorts the message accordingly.
This approach does not work as well as it once did, thanks to the predominance of HTTPS, which provides encrypted links to websites and services. An attacker could not decrypt encrypted data sent between two computers communicating via an encrypted HTTPS connection.
However, HTTPS alone is not a panacea. There are solutions that an attacker can use to cancel it.
Using a Man-in-the-Middle attack, an attacker could try to trick a computer into "degrading" its connection from encrypted to unencrypted. He or she can then inspect the traffic between the two computers.
An "SSL stripping" attack may also occur, in which the person sits between an encrypted connection. It then captures and possibly modifies the traffic and then forwards it to an unsuspecting person.
Network-based attacks and dangerous wireless routers
Man-In-The-Middle attacks also occur at the network level. One approach is called ARP Cache Poisoning, in which an attacker tries to associate his MAC address (that is, the address of one of his hardware) with the IP address of another. If successful, all data intended for the victim is passed on to the attacker.
DNS spoofing is a similar type of attack. DNS is the "directory" of the Internet. Links human-readable domain names, such as google.com, to numeric IP addresses. Using this technique, an intruder can forward legitimate queries to a fake website that it checks and then capture data or develop malware. In short, you think you are talking to a website you trust, such as google.com, but you are essentially on the intruder's website, which is's similar in appearance to the legitimate one.
Another approach is to create one rogue access point or place a computer between the end user and the router or remote server.
Overwhelmingly, people trust networks when it comes to connecting to public Wi-Fi hotspots. They see the words "free Wi-Fi" and it does not occur to them that a malicious hacker could be behind it. This has been proven repeatedly with various experiments in which it seems that users not only do not pay attention but do not even read the terms and conditions in some hotspots. For example, some hotspots require users to Clean Dirty Toilets | ή to abandon their first child, and users simply click the "Agree" button just to access free Wi-Fi.
Creating a rogue access point is easier than it sounds. There are even machines that make it incredibly simple. However, these are intended for legitimate information security professionals, who conduct penetration tests for a living.
Also, do not forget that routers are computers that tend to have ominous security. The same default passwords tend to be used without being changed by their user and are also usually never updated with the security releases issued by the manufacturer. Another possible attack method is a malicious router that allows a third party to perform a MITM attack remotely.
Malware and Man-in-the-Middle attacks
As mentioned earlier, it is perfectly possible for an opponent to carry out a MITM attack without being in the same room or even on the same continent. One way to do this is with malware.
A man-in-the-browser attack (MITB) occurs when a Web browser is infected. This is sometimes done through a fake extension that the victim has installed that gives the attacker almost unrestricted access.
For example, one could manipulate a web page to display something different from what is on the actual site. He or she could also actively hack links to sites such as banking or social media pages to spread spam or steal money.
An example of this was SpyEye Trojan, which was used as a keylogger to steal credentials for websites. It could also fill out forms with new fields, allowing the attacker to gain even more personal information.
How to protect yourself
Fortunately, there are ways you can protect yourself from these attacks. As with all internet security issues, you need to be constantly vigilant. Try not to use public Wi-Fi hotspots. Try to use only one network that you control, such as using your data from your mobile service provider.
If you insist on the "free" Wi-Fi of store X, then use a VPN that will encrypt all traffic between your computer and the outside world, protecting you from MITM attacks. Of course, here, your security is as good as the VPN provider you are using, so choose carefully. Sometimes, it pays to pay a little extra for a service you can trust. If your job offers a VPN when you travel, then you should definitely use it.
Do not install applications or browser extensions from unofficial sites. Log out of site sessions when you are done and install a stable antivirus program.