Transport yourself back to the era of Morse Code in the military and imagine you are a spy in that era. Your boss has just tasked you to devise a way to intercept and read all of the enemy’s communications and sometimes inject our own false messages into their organization without anyone knowing. Now, you could just find an enemy telegraph station, assassinate the operator, and take his place and that would work, until anyone came to check on you, then the jig would be up and you would be killed. But, being a smart spy, you had another idea. You decide to cut the telegraph wire in the middle, and install two new telegraphs, one on each side of the wire you cut. Now, you can read all the messages that come from one side and send it to the other side, and no one will ever know. And, if you want to send your own information, it’s as simple as just tapping out something new, and the person at the other end will assume the message came from the other side. What I’ve just described is one of the all-time most popular attacks, monkey Man-In-The-Middle (MITM) attacks.
The Modern Version
These kinds of attacks are alive and well in the digital age, and one of the most popular locations for these attacks is everyone’s favorite caffeine dealer: Starbucks. Starbucks is notorious for its free WiFi hotspots in every store which is taken advantage of by hipsters, businessmen, and college students alike. The problem occurs because the network is open and unprotected. There are programs that you can set up on your computer that are designed to initiate a MITM attack against anyone on the same network as you. Essentially, your computer pretends to be the router to your victim and pretends to be your victim to the Internet. For example, say you are logging in to your Facebook account. My computer would intercept your login request to Facebook and I would log in as you, then I would send your timeline back to you. Now, if I wanted to post something to your account, or make you think one of your friends had posted something, I could do that at will, and you would never know the difference.
The Defense
Like most problems related to computer security, the answer is more encryption.
I’m positive you have all seen that little green lock in the upper left corner of your screen. That’s not just for show, instead it means that you are connecting to the website using SSL/TLS. What this means is the website claims to be one thing, and your browser has verified that the website is in face who they claim to be. Using a combination of encryption and digital certificates, websites can secure traffic to and from your computer so you can rest easy that no one is stealing your cat memes before you post them.
Good to know my cat memes are safe. I know I’m a week late commenting on this, but I’m glad I came back to read it because I’ve always felt a little too uninformed on the topic. I had heard of the Man in the Middle concept before since I studied public and private key cryptography in a fair amount of detail, so I understood how that worked, but I had never really paired it with attacks, just as a way of safely encrypting my own data. I feel like I understand the entire concept better, and now I won’t be nearly as annoyed by the green little “secure” that’s sitting in the corner of my screen.
ima victem ofodern man in the middle johnrichter1113839@gmail.com
admin–‘
It’s sad this site is associated with a college.
Gets the idea across