A man in the middle attack is just one of several methods employed by hackers to breach and steal private, commercial, or sensitive information such as credit card numbers, login credentials, and passwords. The procedure typically involves launching viruses or other malware types that serve as an avenue of infiltration between two parties (e.g., a client and a server) who are exchanging confidential data. Neither party in the communication exchange is aware that the data traveling through the channel is being seized by this intricately devious hacker application.
Surprisingly enough, the whole idea behind a man in the middle attack predates the widespread use of the Internet or even the invention of the personal computer. Back in the day, the concept was employed in certain intelligence operations in which a third party would covertly set up a dual channel interface between two other parties. The unsuspecting pair would simply presume that they were in direct conversation or contact with each other, completely oblivious to the fact that the third party who had manipulated the whole situation in the first place was seizing, translating, and sending their dialogue to his higher-ups.
Simply put, an online-based man in the middle attack is a concept born out of the age-old occupation of espionage, even though there's hardly anything "James Bond"-like about it. With the advent of personal computers, home computers, desktop computers, laptops, notebooks, the Internet, and so on, the man in the middle paradigm was quickly adapted to this new era and medium.
By intercepting the Public Key of one of the parties in a particular online SSL correspondence, a hacker is able to impersonate one of the two users, send his own Public Key to the second party while pretending to be the originating party, and steal the information he receives from the second party from that point on. The cyber attacker is then free to manipulate, copy, or sell the data he has stolen from a naive mark and use it for a variety of cyber crimes. The mark of a successful man in the middle operation is that neither of the two swindled parties is aware of the situation or of the hacker's existence.
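The following is an added example, not part of the original article, that simulates the key swap described above entirely in memory and shows the check that defeats it: comparing the received key against a fingerprint the client already knows. The toy Diffie-Hellman group, the function names, and the out-of-band fingerprint (a stand-in for SSL certificate validation) are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for this example; far too small for real use.
P = 2**64 - 59  # prime
G = 5

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_secret(priv, peer_pub):
    return pow(peer_pub, priv, P)

def fingerprint(pub):
    """SHA-256 over the public value; stands in for a certificate check."""
    return hashlib.sha256(pub.to_bytes(8, "big")).hexdigest()

def client_connect(received_pub, pinned_fp=None):
    """Client side: accept or reject the key that arrived over the network."""
    if pinned_fp is not None and fingerprint(received_pub) != pinned_fp:
        raise ValueError("received key does not match the known fingerprint")
    priv, pub = keypair()
    return pub, shared_secret(priv, received_pub)

def demo():
    srv_priv, srv_pub = keypair()   # genuine server
    mid_priv, mid_pub = keypair()   # third party that swaps in its own key
    pin = fingerprint(srv_pub)      # assumed to reach the client out of band
    out = {}
    # No verification: the client silently agrees a secret with the third party.
    cli_pub, secret = client_connect(mid_pub)
    out["unverified_secret_held_by_third_party"] = secret == shared_secret(mid_priv, cli_pub)
    out["unverified_secret_held_by_server"] = secret == shared_secret(srv_priv, cli_pub)
    # With verification: the substituted key is refused before any secret exists.
    try:
        client_connect(mid_pub, pin)
        out["verified_client_rejects_swap"] = False
    except ValueError:
        out["verified_client_rejects_swap"] = True
    # The genuine key still passes and the secret matches the server's.
    cli_pub, secret = client_connect(srv_pub, pin)
    out["verified_client_accepts_server"] = secret == shared_secret(srv_priv, cli_pub)
    return out

if __name__ == "__main__":
    print(demo())
```

The unverified client raises no error and sees nothing unusual, which is why neither party notices the swap; only the comparison against independently known key material exposes it.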