The world is a dangerous place these days, especially when it comes to your online life. You have probably heard about phishing emails, scam calls, ransomware, and malware, but have you heard about sniffing attacks?
Sniffing Attack Defined
As defined by NordVPN, “Sniffing is when packets passing through a network are monitored, captured, and sometimes analyzed. It can be used for good and evil. For example, your system administrator might use sniffing to troubleshoot or analyze the network or perform egress defense. On the other hand, hackers can use this technique to perform man-in-the-middle attacks that aim to steal your bank details, account credentials, or other personally identifiable data that could lead to identity theft.”
A sniffing attack is essentially like someone bugging your telephone but in digital terms. For example, detectives may listen in on calls to gain insight into a suspect’s behavior, intentions, and whereabouts. Using a sniffing attack, hackers eavesdrop on your digital activity, and any information that is not encrypted (meaning it is in plain text), including your bank account, usernames, passwords, or other pieces of useful information, is at risk of being stolen.
Cybercriminals also use sniffing attacks to spy on your text messages to glean sensitive information. They may also read your emails or other app data to steal your identity or gain access to your accounts.
How Does a Sniffing Attack Work?
Information is routed through the internet using packets. Even a single email might be broken up into smaller pieces (called packets) and reassembled at its final destination. En route, the packets may pass through various routers and switches, and any point along that journey is ripe for sniffing.
Different Types of Sniffing Attacks
When it comes to sniffing attacks, there are two different types, passive and active. Let’s explore each one now.
Passive sniffing is when the attacker lies low and watches for information that crosses his or her path. This type of attack is more old-school because it involves a network hub, which repeats the traffic it receives to every device connected to it. The attacker places a sniffer near the hub and collects anything that routes through it. However, these days most networks use switches rather than hubs, so active sniffing is a more popular option.
With active sniffing, the hacker tries to redirect traffic that comes in contact with a particular switch to an alternate destination so they can intercept and read it. Some examples of active sniffing are MAC spoofing, DNS poisoning, DHCP attacks, and MAC flooding.
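Two of the active techniques named above, MAC flooding and MAC spoofing, leave traces in a switch's MAC address table, so a defender can look for them in the switch's address-learning events. The Python code below is an added example, not part of the original article; the event format, port names, thresholds and sample data are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of switch "MAC learned" events: (seconds, port, source MAC).
# The event format, port names and addresses are assumptions for this example.
EVENTS = [
    (0, "Gi0/1", "aa:aa:aa:00:00:01"),
    (1, "Gi0/2", "aa:aa:aa:00:00:02"),
    (2, "Gi0/3", "aa:aa:aa:00:00:03"),
    (20, "Gi0/5", "aa:aa:aa:00:00:01"),   # same MAC claimed on another port
    (21, "Gi0/1", "aa:aa:aa:00:00:01"),   # real owner talks again: MAC "flaps"
    (30, "Gi0/4", "aa:aa:aa:00:00:03"),   # single move, e.g. a laptop re-plugged
]
# 60 never-seen-before MACs on one port in about 3 seconds: flooding pattern.
EVENTS += [(10 + i * 0.05, "Gi0/7", f"02:00:00:00:00:{i:02x}") for i in range(60)]


def detect_mac_flooding(events, window=5.0, max_new_macs=20):
    """Map port -> peak count of new MACs learned within `window` seconds."""
    first_seen = defaultdict(list)          # port -> times a new MAC appeared
    known = set()
    for t, port, mac in sorted(events):
        if (port, mac) not in known:
            known.add((port, mac))
            first_seen[port].append(t)
    flagged = {}
    for port, times in first_seen.items():
        start = 0
        for end, t in enumerate(times):     # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            peak = end - start + 1
            if peak > max_new_macs:
                flagged[port] = max(flagged.get(port, 0), peak)
    return flagged


def detect_mac_moves(events, min_moves=2):
    """Map MAC -> list of (time, old_port, new_port) if it moved repeatedly."""
    last_port, moves = {}, defaultdict(list)
    for t, port, mac in sorted(events):
        prev = last_port.get(mac)
        if prev is not None and prev != port:
            moves[mac].append((t, prev, port))
        last_port[mac] = port
    return {mac: m for mac, m in moves.items() if len(m) >= min_moves}


if __name__ == "__main__":
    print("flooding suspects:", detect_mac_flooding(EVENTS))
    print("spoofing suspects:", detect_mac_moves(EVENTS))
```

A single port change is tolerated because devices are legitimately re-plugged; it is the repeated back-and-forth that suggests two devices claiming the same address.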
How to Identify a Sniffer
Although there are anti-sniffer devices and software options, a sniffer can, depending on its type and sophistication, go undetected for long periods of time and gather extensive data from the infected network.
Some protocols on a typical network are more vulnerable to sniffing attacks. For example, HTTP, Telnet, FTP, POP, and SNMP are all protocols that may be at risk for sniffing on some networks.
Some of the Top Sniffing Tools
Some of the most widely used sniffing tools are:
dSniff - This product performs network analysis and password sniffing across various network protocols such as FTP, Telnet, POP, rLogin, Microsoft SMB, SNMP, and IMAP.
Debookee - Another option that can monitor network traffic regardless of the device type (phone, computer, smart TV, etc.). This one uses modules for different purposes, such as Wi-Fi monitoring, SSL/TLS decryption, and network analysis.
Wireshark - A free, open-source product that works on Linux, Windows, and other operating systems. Its top feature is the ability to filter packets by IP address.
A Sniffing Example
A sniffing attack does not have to be hardware-related but can occur on a retail website. For example:
Say a hacker places malware on the checkout page of a well-known retail store. A user checks out paying with their credit card. The sniffer gathers the person’s credit card information (name, address, credit card number, expiration date, three-digit code) and sends it directly to the hacker. Now the criminal has everything they need to start using the person’s credit card.
In some cases, sniffing is used to gather information that is later sold on the dark web. Not all criminals use the bank and credit card details they steal. Sometimes that information is worth more for sale on nefarious websites.
How to Prevent Sniffing Attacks and Stay Safe
You can prevent sniffing of your data and keep your information safe by following a few safety tips:
- Do not connect to public Wi-Fi hotspots. If you have to use one, never log onto your bank or credit card accounts from an unsecured internet connection. Many hackers hang out at local coffee shops, spying on the online activity of all their guests.
- Invest in a VPN to hide your IP address and protect your data.
- Encrypt everything: your messages, email, phone, and data. Use end-to-end encryption options whenever they are available to you.
- Be sure to visit HTTPS websites and do not enter information on a site with HTTP only.
- Install anti-virus/anti-malware security software on all your devices and run deep scans often.
- Keep your devices updated with the latest security patches.