Most people have heard of a man in the middle (MITM) attack, but not everyone knows what it means. MITM attacks are some of the oldest forms of cybercrime and the most damaging for the victim and could leave them financially devastated.
How it Works
When a hacker intercepts the communication between you and an app or you and another party, this is called a man in the middle attack. Sometimes these attacks are used to spy on someone or monitor online activities for later ransomware attacks.
During a man in the middle attack, the criminal positions themselves between you and whomever you are communicating with, typically to steal information. Most people are unaware that anything is going on because the app appears normal, and they see the expected prompts, buttons, etc.
What Is the Purpose of a MITM Attack?
The main purpose of a man in the middle attack is to steal login credentials, intercept bank transfers (especially with cryptocurrency), grab credit card numbers, or steal personal information for identity theft. Recently there was a big report of a Bitcoin wallet app that was compromised by a man in the middle attack. Investors were being re-routed to a malicious website where they downloaded a fake update to the app and lost all their money. One poor victim lost millions to this MITM attack.
Typically, cybercriminals target banking and financial apps and websites using MITM attacks. They may also use tainted software to perpetuate this kind of fraud. When successful, these bad actors can log into bank accounts, drain them, charge unauthorized transactions on credit and debit cards, and even lock you out of your own accounts by changing the login information.
In some cases, these attacks are simply used to spy on people, companies or government agencies, to obtain information to be used elsewhere. During this contentious U.S. presidential election, there are most likely a lot of MITM attacks occurring daily.
Additional MITM Danger
The scary thing is once a hacker gains entry into your system using a MITM attack, they could breach further security protocols to wage an advanced persistent threat (APT) assault on you.
There are two levels of a MITM attack. The first is interception, which is them breaking into your app or breaching your Wi-Fi network and then decryption so they can access the private stuff that protects your accounts.
Cyberthieves use devices and malicious software to re-route your communication through their own servers, which they can completely control. If you log onto an unsecured Wi-Fi hotspot (like in a coffee shop), you could open yourself up to a MITM attack. Once you log on, the hackers can see everything you are doing and access your device.
Other ways attackers gain access are through DNS spoofing, ARP spoofing, and IP spoofing, which is when they disguise themselves as a legitimate resource but are not. Often you may be taken to fake websites that look exactly like the original where you enter your login credentials, but you are not logged in; you have simply handed over the keys to the offender.
Threat actors have various techniques for decrypting the connection between you and the app or other person. They may use HTTPS spoofing where they insert a fake SSL certificate so that you think you are on a secure, legitimate website when you are not.
They may also use SSL BEAST (browser exploit against SSL/TLS) to exploit a vulnerability in the SSL. By infecting the user's device with malware, they can then decrypt any information sent through the browser.
SSL hijacking is another way these hackers can gain access by using stolen authentication keys during a TCP handshake, fooling the system into believing it's legitimate and okay to proceed.
These bad actors may also decrypt your information through SSL stripping, where they re-route your browser request to an HTTP version rather than HTTPS, allowing them to view what you are doing and attack.
How to Protect Yourself from a Man in the Middle Attack
Although a man in the middle attack can be frustrating and devastating financially, there are things you can do to protect yourself.
- Never use a public or unsecured Wi-Fi connection. If you have to use one quickly, never log onto your bank, credit card, or other important account websites. Do not perform banking transfers while connected to public Wi-Fi.
- Be careful when using your banking apps connected to cellular data.
- Purchase and install a VPN on all your devices to shield your IP address and keep hackers out.
- Use multi-factor authentication for all your financial accounts.
- If your device offers it, turn on full encryption of your data so that all your communications are protected.
- Only visit websites with HTTPS in them.
- Watch out for phishing emails and NEVER click links in an email.
- Install antivirus/anti-malware software and run deep scans often.
- Secure your home router and firewall using the most robust privacy settings.