The Man in the Middle cyber-attack is also known as the Monkey in the Middle, the Janus attack, and the Bucket Brigade attack. As the name implies, it is at heart an eavesdropping technique: the attacker positions themselves between two parties and intercepts the messages they exchange while those messages are in transit. Data collection is bad enough, but the most dangerous aspect of a Man in the Middle attack is that the attacker can keep relaying the conversation seamlessly, so both parties believe they are on a private, direct connection. This means that millions of users could be disclosing private information such as credit card numbers, banking passwords, and PINs without ever noticing that anything is wrong.
But how?
Once the attacker has inserted themselves into a connection, they keep the conversation going by seizing each message midway, reading it, optionally altering it or injecting new content, and then forwarding it on to the intended recipient. For this to work, the attacker must impersonate each endpoint convincingly to the other: to the client they look like the server, and to the server they look like the client. Users should also be aware that most such attacks take place on unencrypted or shared networks, such as the open Wi-Fi offered by public libraries, airports, and even Starbucks, where anyone on the same network can put themselves in the path of the traffic.
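To make the relay-and-inject mechanic concrete, here is an added example (not code from the original article) that stages the attack on a single machine over a plaintext TCP connection: a toy "bank" service, a victim client, and an attacker that accepts the victim's connection, opens its own connection to the real bank, and rewrites the traffic in both directions. The line protocol, the account identifiers and the loopback setup are all constructed for the demonstration.

```python
import socket

HOST = "127.0.0.1"  # everything runs on the loopback interface


def inject_request(data: bytes) -> bytes:
    """Attacker's rewrite of the victim's message: redirect the transfer."""
    return data.replace(b"to=ALICE-001", b"to=MALLORY-999")


def inject_response(data: bytes) -> bytes:
    """Attacker's rewrite of the bank's reply: hide the change from the victim."""
    return data.replace(b"to=MALLORY-999", b"to=ALICE-001")


def bank_handler(request: bytes) -> bytes:
    """Toy 'bank': confirms whatever transfer parameters arrive (no authentication,
    no integrity protection, exactly the situation on a plaintext connection)."""
    return b"CONFIRMED " + request.split(b" ", 1)[1]


def run_demo() -> dict:
    """Stage the attack on localhost and return what each party sent and saw."""
    bank = socket.socket()
    bank.bind((HOST, 0))  # port 0: let the OS pick a free port
    bank.listen(1)
    mitm = socket.socket()
    mitm.bind((HOST, 0))
    mitm.listen(1)

    # The victim connects to the attacker's port, believing it is the bank
    # (in practice the redirection comes from a rogue hotspot, ARP or DNS spoofing).
    victim = socket.create_connection(mitm.getsockname())
    to_victim, _ = mitm.accept()
    # The attacker opens a separate, genuine connection to the real bank.
    to_bank = socket.create_connection(bank.getsockname())
    bank_side, _ = bank.accept()

    request = b"TRANSFER amount=100 to=ALICE-001\n"
    victim.sendall(request)

    # Relay step 1: seize the victim's message midway, alter it, forward it.
    seen = to_victim.recv(4096)
    to_bank.sendall(inject_request(seen))

    # The bank processes the altered request and answers the attacker.
    bank_got = bank_side.recv(4096)
    reply = bank_handler(bank_got)
    bank_side.sendall(reply)

    # Relay step 2: seize the reply, rewrite it so the victim sees what they expect.
    to_victim.sendall(inject_response(to_bank.recv(4096)))
    shown = victim.recv(4096)

    for s in (victim, to_victim, to_bank, bank_side, mitm, bank):
        s.close()
    return {
        "victim_sent": request,
        "bank_received": bank_got,
        "bank_replied": reply,
        "victim_received": shown,
    }


if __name__ == "__main__":
    for party, message in run_demo().items():
        print(f"{party:16} {message!r}")
```

Compare bank_received with victim_sent: the bank executes a transfer to the attacker's account while the victim's screen shows the confirmation they expected. Nothing in a plaintext protocol lets either side notice the substitution; closing that gap is what the certificate machinery described next is for.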
The SSL Certificate
The SSL/TLS protocol was developed to protect against Man in the Middle attacks by using certificates issued by a certificate authority (CA) that both parties trust; the server always presents one, and the client may present one as well. The client authenticates the server by validating the certificate chain up to a trusted CA and checking that the name in the certificate matches the host it meant to reach, and the handshake only completes if the server proves that it holds the private key matching the certificate. Once that holds, the session provides host-to-host encryption, endpoint authentication, and integrity checks. If any of these checks fails, the browser shows the user a warning about the site's security certificate.
However, many users regularly run into such warnings, often because of expired or misconfigured SSL certificates. The browser alerts them that the connection cannot be verified, but most click straight through. Some experts recommend a hard fail that blocks the connection to the offending website outright, while others argue that SSL should protect users without getting in their way. The case for warning at all, even when the warning is likely to be ignored, is that for the user who does heed it, the warning is what keeps a web commerce transaction safe when the certificate really is fraudulent. It's worth noting that alongside SSL, technologies like DKIM (DomainKeys Identified Mail) address a related problem for email, authenticating the sending domain and so raising the bar for email-based attacks.
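To show what a client actually checks before trusting a certificate, and what the "hard fail" versus "click through" choice looks like in code, here is an added example (not from the original article) in Python. It reimplements the hostname and validity-period checks a browser performs, run over constructed certificate data laid out like the dict returned by the standard library's `ssl.SSLSocket.getpeercert()`, and builds the two client configurations with the stdlib `ssl` module. The certificate names and dates are made up; chain and signature verification is left to the TLS library rather than reimplemented here.

```python
import ssl


def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style name check: exact match, or '*' standing for exactly one
    left-most label ('*.example.com' covers www.example.com, but not
    a.b.example.com and not example.com). Partial wildcards such as
    'w*.example.com' and bare '*.com' are rejected, as current browsers do."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def certificate_problems(cert: dict, hostname: str, now: float) -> list:
    """Reasons a client should refuse `cert` for `hostname` at time `now`
    (epoch seconds). `cert` uses the getpeercert() dict layout. An empty list
    means the name and validity checks pass."""
    problems = []
    san_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(hostname_matches(name, hostname) for name in san_names):
        problems.append(f"name mismatch: {hostname!r} not covered by {san_names}")
    # ssl.cert_time_to_seconds parses the 'Jan  5 09:59:00 2012 GMT' format used
    # by getpeercert() and returns UTC epoch seconds.
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        problems.append("certificate not yet valid")
    if now > not_after:
        problems.append("certificate expired")
    return problems


def strict_client_context() -> ssl.SSLContext:
    """The 'hard fail' client: chain verified against the system trust store,
    hostname checked, nothing below TLS 1.2. A bad certificate raises
    ssl.SSLCertVerificationError instead of showing a dismissable warning."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def careless_client_context() -> ssl.SSLContext:
    """The 'click through the warning' client: accepts any certificate, so a
    Man in the Middle presenting a self-signed certificate goes unnoticed.
    Shown only as the anti-pattern."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode may be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


# Constructed certificate data in getpeercert() layout; these are not real certificates.
GOOD_CERT = {
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2025 GMT",
}
EXPIRED_CERT = dict(GOOD_CERT, notAfter="Dec 31 23:59:59 2023 GMT")
NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2024 GMT")  # fixed clock for the demo


if __name__ == "__main__":
    for cert, host in ((GOOD_CERT, "www.example.com"),
                       (GOOD_CERT, "a.b.example.com"),
                       (EXPIRED_CERT, "example.com")):
        print(f"{host:18} {certificate_problems(cert, host, NOW) or 'OK'}")
```

careless_client_context is the configuration every interception tool hopes to meet: with verification off, a self-signed certificate for the wrong name is accepted silently. The strict context is what a browser's hard fail amounts to for a programmatic client, and it is the default the stdlib gives you; the anti-pattern has to be written deliberately.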
Man in the Middle vs. Google
A Man in the Middle attack involving SSL certificates demonstrates that, while authentic certificates protect users and their privacy, counterfeit certificates can be turned against unwary users. In August 2011, Google users in Iran were targeted by an SSL Man in the Middle attack in which the attackers used a fraudulent certificate for Google's domains that had been issued by a third-party certificate authority. The certificate was revoked and browser vendors, Google included, removed trust in the issuing authority. Google acknowledged that the attack was discovered only because Chrome users reported the warning Chrome raised: the browser ships with the expected public keys for Google's own sites (certificate pinning), so it rejected the fake certificate even though a trusted CA had signed it.
Conclusion
Having said that, having SSL certificates in place, including multi-domain certificates that cover all of a site's hostnames, is still far preferable to having no transport security at all. What most Internet users can do is stay vigilant: connect only over networks they trust, keep their browser up to date, and treat a certificate warning as a reason to stop rather than something to click through, because a warning on a site that normally works is exactly what a Man in the Middle attack looks like to the browser.