What is MITM attack?
Today, I will talk about MitM attack. In the age of modern technology, computer security has become an absolute big issue. Our regular life is becoming depended on our computer and smartphones. Through those devices, we can use the internet, save or share valuable information, can watch live online videos and much more. However, file store and sharing is the major part out of them all. At the same time, security issues have also raised in such matters. Yes! You heard that right. You need to secure all those important files stored on your device. Because hacking has become a very technological threat today. Anyone can gain access to your PC or smartphone without touching them. Hackers or cyber criminals are infiltrating your device from the remote distance through the network system or the web. If you are not sure that you’re actually doing everything for your best safety, check out these internet security tips.
Cyber criminals are choosing various ways and options to get into your own device. The primary intention of a cybercriminal can be differentiated. Maybe someone wants to see your private information or wants to destroy or even steal that information from you. Man in the middle(MITM) system is one of those approaches by which an outsider can secretly interfere and can alter the communication between two persons who will be believing that they are communicating with each other. However, the MITM hacker will be pretending to be the one of those two victims.
Recent Man-in-the-Middle Attack
In 2013, another big attack was thrown against Abas, one of the four biggest banks in South Africa. Those hackers somehow managed to put an exact copied version of a fake transaction page on the Abas banks official website.
In 2014, when Apple’s iPhone 6 was first introduced to China, their iCloud service was facing MITM attack. Hackers were trying to steal username and password through the attack.
In 2015, the most recent cases, Microsoft was attacked by some Chinese MITM attackers. Microsoft’s Outlook users were victimized by that attack which lasted for 24 hours straight. In the same way, Google was also attacked by Chinese MITM hackers.
In 2015, Police have arrested 49 suspicious persons in all over the Europe for the possible MITM attack. According to the Europol, a gang of MITM attackers were trying to hack some medium and large multi-business companies and banks.
Example of MITM Attack
In an HTTP dealing the target is that the transmission control protocol or TCP connection between client and server. Following different techniques, the hacker splits the initial communications protocol connection into two new connections, one between the client server and the hacker and the alternative connection between the attacker or hacker and the server. Once the TCP connection infiltrated, the attacker acts as a proxy, gets the ability to read, insert and modify the information within the intercepted communication.
Suppose, Clark is trying to communicate with Lois and Bruce wants to intercept the communication and intends to send a false message to Clark or Lois. Now Bruce the hacker will get to see each and every conversation between Clark and Lois. Bruce can also act, insert or modify any of their(Clark and Lois) conversations and can send it to the targeted host.
For example:
Clark says, “Hey Lois, I want to tell you the truth. I am Superman”.
Now as the Man-in-The-Middle, Bruce will get the message from Clark. Bruce can also modify the message by adding a false information and can send the message to Lois by saying that,
“Lois, I can’t continue this relationship. Because I love Wonder Woman”.
Lois will receive the message from Bruce. But Lois will never know that the original message faced a modification process by a hacker or the man in the middle. Clark sent a message, but Bruce changed the message and sent it to Lois on behalf of Clark.
Clark and Lois will never that Bruce was acting as the man-in-the-middle between their private communication.
Here, Bruce is the attacker. This is how the MITM attack takes place.
Some Significant MITM Attack Tools
There was some tool you can employ to initiate any MITM attack.
• Dsniff– is a suite of programs which will be utilized in auditing and penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf and webspy monitors networks for attention-grabbing information (mail, files, security code). Any spoofing that intercepts network traffic. All of those tools facilitate the man-in-the middle attack against networks.
• Ettercap- is a suite for MITM attacks on LAN. It options sniffing of live connections, content filtering on the fly and plenty of different fascinating tricks. It supports active and passive dissection several protocols and includes many feature for network and host analysis.
• AirSnort- It is a wireless LAN tool that recovers encoding keys. AirSnort operates by passively observing transmissions, computing the encryption key once enough packets are gathered. 802.11b, mistreatment the Wired Equivalent Protocol, is damaged with various security flaws.
• Superfish- It’s a malware and one can use it as the MITM attacker tool too.
• PsTools- This is a set of program line utilities that enable you to manage all the local and remote systems. Examples: PsExec, PsKill, PsFile etc.
• Ethereal- It is one of the most commonly used network protocol analyzing systems in the world. It is the multi-platform sniffer that captures information packets on a wired LAN or a Wireless network. Ethereal is able capture up to 683 protocols.
Prevention Measures against Man-in-the-Middle Attack
However, detecting a man in the middle attack are often terribly tough. During this case, prevention is better than cure, since there are only a few ways to observe these attacks. Since the prevention is always the better choice, you should definitely learn as much as you can about the cyber security tips. Typically, you must not use public networks for performing on any private matters (example: checking your personal emails). It is best to use the general public network just for basic functions like surfing news; albeit your traffic is facing interception, the injury is prescribed or nothing.
Some Steps to Follow
There are some necessary steps you can follow to stop MITM attacks. By following these measures, you can reduce or stop the MITM attacks. Let’ see:
DNSSEC: DNS Extensions should be secure.
Certificate Planning is necessary to defend the MITM attacks.
Mutual Authentication Systems- Like secret keys or password.
Secure Channel Verification.
Public Key Infrastructure- You can use it to prevent MITM attacks over HTTP(s).
PKI Authentication- It’s the part of the public key infrastructure that can prevent MITM attacks.
However, most of the effective defenses against MITM are often found solely on the router or server-side. You will not be having any dedicated management over the safety of your dealing. Instead, you’ll be able to use a robust encoding between the client and also the server. During this case server authenticates client’s request by presenting a digital certificate, then this will establish the whole connection.
However, another technique to stop such MITM attacks is, to never connect with open wireless fidelity or WiFi routers directly. If you want to, therefore, you can use a browser plug-in like HTTPS Everywhere or Force TLS. These plug-ins can assist you establishing a secure connection whenever the choice is obtainable.
You can use Virtual Private Network or VPN to make yourself secured from any further Man-in-the-Middle Attack. You can also stay with the proxy server. But the following proxy server should have data encryption features. You can also use SSH or secure shell tunneling to prevent Man-in-the-Middle Attack.
Conclusion
Finally, After discussing every aspect of Man-in-The-Middle attacks, it is almost clear that this attacks can harm your personal life in various ways. However, sometimes, this system is used by the Government authorities for the sake of the country. On the other hand, Man in the Middle attack is logically unlawful or even illegal. So, the attacker will know about you through the Man-in-the-Middle Attack. So, it’s always better to take some pragmatic steps.
You should always be careful about Man-in-the-Middle Attack.