Best Cyber Security

What is a Man in the Middle Attack?

A man in the middle attack is just one of several methods employed by hackers to breach and steal private, commercial, or sensitive information such as credit card numbers, login credentials, and passwords.

The procedure typically involves launching viruses or other malware types that serve as an avenue of infiltration between two parties (e.g., a client and a server) who are exchanging confidential data.

Neither party in the communication exchange is conscious that the data traveling through the channel is being seized by this intricately devious hacker application.

Surprisingly enough, the whole idea behind a man in the middle attack predates the widespread use of the Internet or even the invention of the personal computer.

Back in the day, the concept was employed in certain intelligence operations such that a third party would covertly start a dual channel interface between two other parties.

The unsuspecting pair would simply presume that they were in direct conversation or contact with each other, completely oblivious to the fact that the third party who had set up the whole situation in the first place was seizing, translating, and sending their communication to his higher-ups.

Simply put, an online-based man in the middle attack is a concept born out of the age-old occupation of espionage, even though there's hardly anything "James Bond"-like about it.

With the advent of personal computers, home computers, desktop computers, laptops, notebooks, the Internet, and so on, the man in the middle paradigm was quickly adapted to this new era and medium.

By intercepting the Public Key for one of the parties of a particular online SSL correspondence, a hacker is able to impersonate one of the two users, send his Public Key to the second party while pretending to be the originating party, and steal the information he'll get from that point on from the second party.

The cyber attacker will be free to manipulate, copy, or sell the data he has stolen from a naive mark and use it for a variety of cyber crimes.

Also, the mark of a successful man in the middle operation is to ensure that neither of the two swindled parties is aware of the situation or the hacker's existence.
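The key substitution described above, and the check that defeats it, can be modelled in a few lines. This is an added example, not code from the original page: it swaps in a toy Diffie-Hellman exchange for the SSL public keys, and the group parameters, function names and the out-of-band fingerprint are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only (far too small for real use).
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a session key from our private value and the public value we received."""
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).hexdigest()

def fingerprint(pub):
    """Short digest of a public value, the thing a certificate or pin vouches for."""
    return hashlib.sha256(str(pub).encode()).hexdigest()[:16]

def run_exchange(interposed, client_checks_fingerprint):
    """Model one client/server key exchange and report what each side ends up with."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    m_priv, m_pub = keypair()            # key pair of the party in the middle
    trusted_fp = fingerprint(s_pub)      # assumption: client learned this out of band

    # With a party in the middle, each side receives the substituted public value.
    seen_by_client = m_pub if interposed else s_pub
    seen_by_server = m_pub if interposed else c_pub

    if client_checks_fingerprint and fingerprint(seen_by_client) != trusted_fp:
        return {"accepted": False, "reason": "server key fingerprint mismatch"}

    c_key = session_key(c_priv, seen_by_client)
    s_key = session_key(s_priv, seen_by_server)
    return {
        "accepted": True,
        "end_to_end": c_key == s_key,    # do client and server share one key?
        "exposed": interposed and session_key(m_priv, c_pub) == c_key,
    }

if __name__ == "__main__":
    for interposed in (False, True):
        for checked in (False, True):
            print(interposed, checked, run_exchange(interposed, checked))
```

Without the fingerprint check the exchange completes either way and neither side sees an error, which is why encryption has to be paired with authentication of the peer's key.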

Ever heard of the Man in the Middle attack? It is an attack in which someone intercepts traffic between two people on a network. It's used to hijack data and inject fake information so that the person you're communicating with can't see your original intended connection.

For example, maybe you're setting up a VPN connection through Google's Chrome browser to get around online censorship in a country where it's illegal to use the internet at all. While the web page you're connecting to uses Chrome, someone could use the Man in the Middle attack to turn off your browser's HTTP proxy settings, and make all your Chrome traffic re-route to a server controlled by the attacker. This could result in the connection being tracked by law enforcement, or cause your personal information to be compromised.

A Man in the Middle (MitM) Attack, also known as an eavesdropping attack, is one of the most advanced forms of network attack. Attackers sit in the middle of the connection between two points in the network and then control the flow of information.

Some popular examples of a MitM attack would be if your ISP eavesdropped on your internet connection while others, such as Netflix, controlled the flow of information. Netflix is a good example of a large organization involved in a MitM attack, because they control the entire flow of information between an Internet Service Provider and a customer. Netflix would then be able to dictate what data you could access and when you could access it, as well as determining how fast you were able to stream.

MitM attacks do not happen overnight. A MitM attack starts when an attacker is able to gain control over the connection between you and your Internet Service Provider (ISP) and then provide that same connection to you.

How Can MitM Attacks Happen?

There are many different ways that an attacker can get access to the connection between an ISP and their customer. Depending on the type of connection used, from cable to wireless, to fiber optic cable, an attacker could use a variety of ways to gain control over that connection.


In the past, hacking into the phone lines at a customer’s home allowed an attacker to control and manipulate the flow of information between the customer’s home and their ISP. Today, this method is still considered a form of MitM attack because it does not involve direct access to the customer’s network.

The newest MitM method involves paying a hacker to gain access to an ISP’s network. The attacker will control all the traffic between the customer and the ISP, by changing the speed of the traffic between the two points in the network. This allows the attacker to control the flow of information to your ISP and effectively stop Netflix or other websites from working for you.

MitM Attacks from cable

In the past, attackers had to physically provide their own cable to attack a connection. However, more modern methods use a software-based attack to control the traffic and make your ISP believe that the traffic is originating from your ISP.

Some of these methods include hacking routers, social engineering, and phishing emails. If a hacker is able to gain access to the target, then they could switch the traffic to a controlled site and then change the actual path of the traffic. This allows them to control your ISP and stop Netflix or any other website that you would normally watch on your computer.

MitM Attacks from wireless

MitM attacks over wireless can take place because the attacker can gain access to the communication channels between your wireless router and your ISP. If they are able to gain access to your router, then they could reroute all the traffic from your router back to the ISP and force your ISP to believe that the traffic is from them. Once this traffic is sent to the ISP, it could potentially cause your ISP to believe that you are paying for the service from them, causing your ISP to automatically begin streaming Netflix or other video on demand sites at a faster speed.

The new Wi-Fi Protected Access 2 (WPA2) is the latest version of WEP encryption and was supposed to make this type of attack impossible. However, a group of hackers has broken the standard in an effort to undermine encryption on the internet. This attack was possible because they were able to take advantage of the type of encryption WPA2 uses. WPA2 uses either a public or private key, with each key representing a communication channel. This means that every time you use a key, you are limited to using that key only within that specific channel. So, hackers could gain access to your WPA2 wireless connection and begin using it as a tunnel, which would make it possible to capture all of the data coming in and out of your network.

MitM Attacks from the Internet

MitM attacks from the internet do not require any sort of physical access. An attacker can also change the flow of information between your ISP and yourself using a variety of malicious attack methods. Using MitM attacks, an attacker could make your internet speed drop to a crawl. They could change the cost of your internet service by changing it to a low price and then raising it again. They could even charge you for services you never asked for.

Sometimes, the most difficult part of MitM attacks is realizing that an attacker is controlling your ISP. To help stop this type of attack, look for the lock icon in the corner of your browser to signify when the traffic between your ISP and you is being routed through a third party.

The best way to combat MitM attacks from the internet is to use SSL, or Secure Sockets Layer, encryption in your web browser. When you visit an online store, the website will encrypt the data between your browser and the online store. The website will have a lock icon in the corner of the browser indicating that it is using SSL. It is important to make sure your browser and the website both use SSL as a layer of protection.
