What is a Man in the Middle Attack?

Man in the middle attacks are one of the several devices that are used to gain access to proprietary information, such as pass codes, login credentials, and credit card numbers. The process essentially involves establishing a virus that acts as the interface between two points. Neither party in the exchange is aware that the information that is exchanged is intercepted and captured by the intermediate virus.

The concept of a man in the middle attack predates the inception of the personal computer and widespread use of the Internet. Even in earlier days, intelligence operations would employ the idea of establishing a third party who would in effect initiate a dual interface with two other parties. Each of the other two parties would assume they were involved in a direct connection with one another, not realizing that the third party was intercepting, interpreting and then passing on the communication.

With the advent of desktop computers and their common use in the home and just about every type of business, the man in the middle concept was quickly translated to work in the new medium. By securing the public key for one of the parties in the exchange, the attacker is able to pretend to be that user. The attacker then sends his or her public key to the second party, but pretends to be the originating party. From that point forward, all information exchanged during the transaction is routed through the attacker, who is free to copy the data for use at a later date.

The key to a successful man in the middle operation is making sure that neither of the parties is aware of the presence of the attacker. This means that the attacker must take steps to maintain a low profile and not call attention to the fact that data is being routed through an additional step before reaching the intended destination. Unfortunately, when an exchange is not secured, this is not a difficult task.

There are several ways to combat a man in the middle attack. Over time, more robust methods of creating and verifying secure authentication and coded public keys have been developed. Many banks have gone to using encrypted secondary data that must be verified before a transaction can take place. Online businesses have begun to employ such methods as secret keys to verify the true identity of a customer before processing an order.

All these methods have helped to minimize the impact of the man in the middle strategy. However, there are many web sites that remain unprotected and thus vulnerable to this type of attack. For this reason, Internet users should never enter private information into any site unless it is possible to verify the authenticity and secure nature of the site first.