What is a man-in-the-middle attack?
A man-in-the-middle (MITM) attack is a type of cyber attack in which a malicious person infiltrates a conversation between two parties and impersonates each of them to the other, gaining access to the information the two parties relay to each other. The attacker can send and receive information meant for a different party, or information not meant to be sent at all. A man-in-the-middle attack can go undetected for a long time.
Man in the middle is one of the oldest forms of cyber attack. In MITM, an attacker sits between a victim and a legitimate host that is trying to send information to the victim. The attacker usually observes or manipulates the data passing between the client and the host. The attack can be established by creating fake networks that lure victims into connecting, or by compromising a legitimate network. The attacker then strips off any available encryption from the compromised network to steal the traffic or redirect it to a destination of the attacker's choice. Since attackers can silently observe or re-encrypt traffic on the compromised network, the attack can be difficult to detect.
MITM consists of many techniques that malicious people leverage depending on the target and the goal of the attack. For example, in SSL stripping, the attackers start an HTTPS connection between themselves and the server. They, however, establish an unsecured connection between themselves and the user. This means the user's information is sent to them in plain text without encryption.
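
As an added example (not part of the original article), the Python sketch below audits a site's response headers for the settings that leave its users exposed to the SSL stripping described above. Treating HSTS and the cookie Secure flag as the checks, the 180-day threshold, the host bank.example and the sample responses are all assumptions constructed for illustration.

```python
import re
from email.parser import Parser

MIN_MAX_AGE = 15552000  # 180 days; threshold assumed for this example

# Constructed sample responses (status line + headers) for a hypothetical site.
WEAK_HTTP = "HTTP/1.1 200 OK\nContent-Type: text/html\n"
WEAK_HTTPS = "HTTP/1.1 200 OK\nSet-Cookie: session=abc123; HttpOnly\n"
HARDENED_HTTP = "HTTP/1.1 301 Moved Permanently\nLocation: https://bank.example/\n"
HARDENED_HTTPS = ("HTTP/1.1 200 OK\n"
                  "Strict-Transport-Security: max-age=31536000; includeSubDomains\n"
                  "Set-Cookie: session=abc123; Secure; HttpOnly\n")

def parse_response(raw):
    """Split a raw response head into (status code, header mapping)."""
    status_line, _, header_block = raw.strip().partition("\n")
    return int(status_line.split()[1]), Parser().parsestr(header_block)

def audit(http_raw, https_raw):
    """Return findings that leave users exposed to SSL stripping."""
    findings = []
    status, headers = parse_response(http_raw)
    location = headers.get("Location", "").lower()
    if status not in (301, 302, 307, 308) or not location.startswith("https://"):
        findings.append("plain HTTP is served instead of redirecting to HTTPS")
    _, headers = parse_response(https_raw)
    hsts = headers.get("Strict-Transport-Security")
    if hsts is None:
        findings.append("no HSTS header, so the browser may still try HTTP first")
    else:
        match = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not match or int(match.group(1)) < MIN_MAX_AGE:
            findings.append("HSTS max-age missing or too short")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS does not cover subdomains")
    # A cookie without Secure is also sent over a stripped plaintext connection.
    for cookie in headers.get_all("Set-Cookie", []):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append("cookie %s lacks the Secure flag" % cookie.split("=")[0])
    return findings

if __name__ == "__main__":
    for name, pair in (("weak", (WEAK_HTTP, WEAK_HTTPS)),
                       ("hardened", (HARDENED_HTTP, HARDENED_HTTPS))):
        print(name, audit(*pair))
```
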
Attackers like to establish a rogue access point, especially in public areas. This access point resembles the legitimate network, and people can easily connect through it. In a banking setup, an attacker can see when a victim is making a funds transfer and alter the destination account number or the amount being transferred.
Although MITM attacks often require proximity to the target, it is also possible to interfere with routing protocols. The attackers advertise themselves on the internet and claim to be in charge of the IP addresses. The internet then routes traffic for those IP addresses to the attacker, giving them the ability to observe or control your online activities.