by Dan Lowe, on 29 October 2013
On the Internet, there are many free tools for creating Man-in-the-Middle (MITM) or Man-in-the-Browser (MITB) attacks. There are even instructions that teach how to use these techniques to hijack a session and probe for ways to eavesdrop on unprotected web sessions. Once the information has been gathered, the attacker is on the way to exploiting additional weaknesses and making money from innocent users.
A simple Man-in-the-Middle attack lets a malicious code writer intercept Internet traffic before it reaches its destination, or redirect that traffic to a different site that captures personal or confidential information. A Man-in-the-Browser attack is malware that resides in the web browser and intercepts and handles all web requests. It can look for user names and passwords for financial institutions or corporate sites. It can redirect you to a copy of an online bill-paying site that looks real while capturing additional confidential information. In both scenarios, the criminal hijacks the communications between your computer and the website you want to visit.
There are different ways that criminals can hijack communications between devices, or between a device and a website. In ARP poisoning, when computer 1 tries to communicate with computer 2, it uses the Address Resolution Protocol (ARP) to find computer 2's hardware address. Criminal computer 3 can tell computer 1 that it is computer 2. Since ARP requires no authentication or verification, computer 1 doesn't know that it is communicating with criminal computer 3.
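The ARP scenario above has a simple defender-side signature: the same IP address being announced from more than one hardware address, or one hardware address claiming several IPs. The following is an added example (not code from the original post or from Bitdefender) that runs that check over a constructed list of ARP replies; the addresses are from the documentation ranges and the `ArpReply` type and function names are this example's own.

```python
"""Detect ARP poisoning from a stream of ARP replies (added example).

The indicator a defender watches for is an IP address whose MAC changes
(computer 3 claiming computer 2's IP), or a single MAC that claims many IPs.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str
    sender_mac: str


# Constructed sample traffic (192.0.2.0/24 and 00:00:5e:00:53:xx are
# documentation ranges): computer 2 is legitimately at ...:02, then
# "criminal computer 3" (...:03) claims computer 2's IP and the gateway's.
SAMPLE_REPLIES = [
    ArpReply("192.0.2.1", "00:00:5e:00:53:01"),   # gateway
    ArpReply("192.0.2.20", "00:00:5e:00:53:02"),  # computer 2
    ArpReply("192.0.2.20", "00:00:5e:00:53:02"),
    ArpReply("192.0.2.20", "00:00:5e:00:53:03"),  # computer 3 claims computer 2's IP
    ArpReply("192.0.2.1", "00:00:5e:00:53:03"),   # computer 3 also claims the gateway
]


def detect_arp_conflicts(replies, known_good=None):
    """Return a list of (ip, learned_mac, new_mac) for each IP whose MAC changed.

    known_good: optional dict ip -> mac seeded from a static table. Without it,
    the first observed mapping is trusted (trust-on-first-use) and later
    contradictions are reported; the originally learned mapping is kept.
    """
    table = {ip: mac.lower() for ip, mac in (known_good or {}).items()}
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        seen = table.get(r.sender_ip)
        if seen is None:
            table[r.sender_ip] = mac
        elif seen != mac:
            alerts.append((r.sender_ip, seen, mac))
    return alerts


def mac_claims(replies):
    """Map each MAC to the set of IPs it has claimed; several IPs per MAC is another sign."""
    claims = {}
    for r in replies:
        claims.setdefault(r.sender_mac.lower(), set()).add(r.sender_ip)
    return claims


if __name__ == "__main__":
    for ip, old, new in detect_arp_conflicts(SAMPLE_REPLIES):
        print(f"ALERT: {ip} moved from {old} to {new}")
    for mac, ips in mac_claims(SAMPLE_REPLIES).items():
        if len(ips) > 1:
            print(f"ALERT: {mac} claims {sorted(ips)}")
```

On a real network the replies would come from a packet capture or the host's ARP cache; seeding `known_good` with the gateway's static entry avoids trusting whichever reply happened to arrive first.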
Another MITM approach is Domain Name System (DNS) poisoning. Every website has an Internet Protocol (IP) address, which is a sequence of 8 to 12 digits, but lengthy numbers are hard for people to remember; the name of a website is much easier. The Domain Name System (DNS) resolves the website name to its IP address. In DNS poisoning, criminals insert malware that redirects access to specific websites to look-alike sites that appear genuine but are actually owned by the criminal.
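Two defender-side checks follow from the DNS paragraph: a resolver should only accept an answer that matches a query it actually sent, and an answer that disagrees with an independent reference should raise an alert before the user is sent to that address. The following is an added example (not code from the original post or from Bitdefender) that models both checks on constructed query and response records; the `DnsQuery`/`DnsResponse` types, `triage` function and the sample names and addresses are this example's own.

```python
"""Screen DNS answers for signs of poisoning (added example).

Check 1: accept a response only if an outstanding query with the same
transaction ID, question name and client port exists.
Check 2: compare the returned addresses with a reference (an independent
resolver or a pinned value) and flag anything the reference does not vouch for.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsQuery:
    txid: int
    qname: str
    src_port: int


@dataclass(frozen=True)
class DnsResponse:
    txid: int
    qname: str
    dst_port: int
    answers: tuple  # IP address strings


def response_matches_query(pending, resp):
    """True only if a matching outstanding query exists (ID, name and port all agree)."""
    return any(
        q.txid == resp.txid
        and q.qname.lower() == resp.qname.lower()
        and q.src_port == resp.dst_port
        for q in pending
    )


def unexpected_answers(answer_ips, reference_ips):
    """Return the addresses in the answer that the reference resolver does not confirm."""
    return set(answer_ips) - set(reference_ips)


# Constructed sample data (198.51.100.0/24 and 203.0.113.0/24 are documentation ranges).
PENDING = [DnsQuery(txid=0x1A2B, qname="bank.example", src_port=53021)]
REFERENCE = {"bank.example": ("198.51.100.10",)}
GOOD = DnsResponse(0x1A2B, "bank.example", 53021, ("198.51.100.10",))
WRONG_PORT = DnsResponse(0x1A2B, "bank.example", 40000, ("203.0.113.66",))
POISONED = DnsResponse(0x1A2B, "bank.example", 53021, ("203.0.113.66",))


def triage(resp, pending=PENDING, reference=REFERENCE):
    """Classify a response as 'rejected', 'suspicious' or 'ok'."""
    if not response_matches_query(pending, resp):
        return "rejected"      # not an answer to anything we asked
    expected = reference.get(resp.qname.lower(), ())
    if unexpected_answers(resp.answers, expected):
        return "suspicious"    # passed the protocol check but points somewhere else
    return "ok"


if __name__ == "__main__":
    for label, resp in (("good", GOOD), ("wrong port", WRONG_PORT), ("poisoned", POISONED)):
        print(f"{label}: {triage(resp)}")
```

The first check is the one real resolvers rely on (randomised transaction IDs and source ports); the second is a simple cross-check that an endpoint or proxy can run, and it is also where a malware-modified hosts file shows up, since the local answer will disagree with the reference.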
These are fairly straightforward techniques used by cybercriminals to steal your information, but there are many other techniques criminals use to lure the unsuspecting user into disclosing confidential information. It is difficult to fake an authentic HTTPS session, because the digital certificates involved must be authenticated by a third-party certificate authority (CA). To obtain a digital certificate, you must submit information to the CA, which processes your information and then issues a unique certificate to the organization. If you see notifications warning that the certificate does not match, then you should be very careful about sharing sensitive information.
Common sense and security awareness can help minimize your risk from these attacks. Products known as secure virtual browsers can also help minimize your risk from these types of attacks. Some of these products create a custom, hardened browser that is separated from the desktop environment to isolate the web session. They may come with a virtual keyboard; built-in antimalware, antiphishing, or antifraud features; Wi-Fi protection tools; and encryption to protect web sessions. It may be worth taking the time to find out more.
Dan Lowe, an OEM Senior Marketing Manager, has been working with Bitdefender for the last 3 ½ years. His familiarity with multiple security products from Firewalls to Antivirus has provided him a unique perspective on the security industry.