
Man-in-the-Middle Attack: When Hackers Eavesdrop on Your Connection.


Not all hackers are after attention. Some just want money.

You might think, and hope, that being aware of all the latest scams and tricks that are on the Internet will keep the online thieves away. After all, if you're smart AND you know what to look for, you won't fall for somewhat obvious scams or phishing attempts.

But there's one trick out there that's not talked about as much as other online thievery, even though it's making a comeback now that there are more Internet-connected devices.

It's called a man-in-the-middle attack, sometimes abbreviated as MITM. It has nothing to do with stealing your IP address; rather, it involves simply stealing your actual data, so easily and smoothly that you don't even know when it's happening.

It involves a hacker/thief intercepting the online connection and communication you're having with someone or some website. They've somehow hacked their way right into the middle of your connection between the two of you.

And neither of you knows it.

Think of it like a letter in transit.

It would be as if you popped a letter in the mail to your bank. But along the way to its destination, someone hijacked your letter, read it, tossed it aside, and sent a new letter with a different message to your bank. And when the bank received the bogus message (still thinking it came from you), it would reply.

You and your bank wouldn't realize that you weren't talking to each other, but through a man-in-the-middle.

In the online world, we're protected in most cases through websites that are encrypted, but there are still many instances where a man-in-the-middle attack takes place, and it will only get worse in our overly connected world.

An example of MITM attack.

In actual examples, people who intended to make a transaction with their bank have had their request intercepted, examined and read. The man-in-the-middle then uses the stolen account information to contact the bank, but arranges for "you" to transfer money into another account: an account that belongs to them.

How does it happen?

According to Internet experts, for a man-in-the-middle attack to work, both sides of the digital conversation or transaction likely have a security flaw, and that's what the crooks are probing for.

When the conditions are perfect, the "malicious" man in the middle can pluck sensitive personal information (usernames and passwords, financial account information, identity information, etc.) right out of the connection and read it, compile it, record it, and copy it.

The man in the middle, the hacker/attacker, is technically savvy enough to become a "link in the chain" that your data is traveling through as it goes to and fro between you and a website or someone's email address.

Not only have they placed themselves digitally in the conversation, but they're able to impersonate each side of the connection, thereby controlling the communication and getting temporary access to everything.

Men in the Middle. A big-time bust.

In the summer of 2015, Europol, the European Union's law enforcement agency, arrested nearly 50 people throughout Europe who were conducting a man-in-the-middle attack on a grand scale.

  • It was a massive cybercrime bust involving Europol's European Cybercrime Centre (EC3) and Eurojust; Italian Polizia di Stato (Postal and Communications Police); the Spanish National Police; and the Polish Police Central Bureau of Investigation.
  • The suspects were arrested in well-timed, coordinated police raids conducted in Italy, Spain, Poland, the UK, Belgium and Georgia.
  • The authorities confiscated computers, telephones, disk drives, digital tablets, credit cards and cash, memory sticks, forged documents and bank account documents that the thieves were using to defraud the banks.

Altogether, the amount of money stolen totaled €6 million (about £4.4 million or $6.8 million). And most of that substantial theft, according to Europol, came to the fraudsters very quickly, once they set up their man-in-the-middle attack.

The well-organized cyber-thieves targeted medium and large European companies, and broke into those companies' networks by planting malware through other trickery, including social engineering.

Keep your eyes open.

A MITM attack can still be avoided or thwarted by either of the parties being victimized. Here's how...

Pay attention to the browser's address bar and the URL of anybody you're connecting to when money is involved. Because even though the man in the middle is talking to you as if he's someone else, he cannot disguise the other party's URL. (Example: instead of being "http://snazzybank.com", it might instead read "http://likesnazzybank.com".)

And the MITM is likely, at some point, to ask you to do something out of the ordinary routine.

So, if something seems fishy, even with "your bank," think twice before completing a transaction. It could save you a headache...and a whole lot more.
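The address-bar check described above can be automated before a link is followed or a form is submitted. The Python below is an added example, not part of the original article: the trusted-host list, the function names and the two-edit threshold are assumptions, and the sample URLs are constructed around the article's "snazzybank" illustration. It goes slightly beyond the article by also flagging unencrypted links to a trusted host.

```python
from urllib.parse import urlsplit

# Assumption: the hosts you really do business with (the article's fictional bank).
TRUSTED_HOSTS = {"snazzybank.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url, trusted=TRUSTED_HOSTS):
    """Return (verdict, reason) for a URL about to receive credentials or money."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, so "bank.com@other.com" yields other.com.
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "block", "no hostname in URL"
    # Exact match or a true subdomain of a trusted host.
    for good in trusted:
        if host == good or host.endswith("." + good):
            if parts.scheme != "https":
                return "warn", f"{host} is trusted but the link is not HTTPS"
            return "ok", f"{host} matches {good}"
    # Lookalikes: the trusted name embedded in another domain, or a near-miss spelling.
    for good in trusted:
        label = good.split(".")[0]
        if label in host:
            return "block", f"{host} contains '{label}' but is not {good}"
        if edit_distance(host, good) <= 2:
            return "block", f"{host} is within two edits of {good}"
    return "unknown", f"{host} is not on the trusted list"
```

Internationalized lookalikes (punycode or mixed-script names) are not covered by this check and need separate handling.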
