
MiTM Attacks

Explore the concept of Man in the Middle (MiTM) attacks.

This article explores the concept of Man in the Middle (MiTM) attacks. In a MiTM attack, a hacker sits between you and the destination you are connecting to on your network. A traffic-sniffing MiTM attack allows the hacker to capture network traffic.

There are different types of MiTM attack methods. In wireless networks, a hacker can set up a fake Wi-Fi hotspot. For example, I could set up a fake hotspot with the same name as the Starbucks Wi-Fi, and other customers could connect to my hotspot. Another trick a hacker could use is to launch a DoS attack on the real network and then put up a hotspot with the same name. Customers think it is the Starbucks Wi-Fi and log into the hacker’s system. While the hacker gives them access to the internet, the hacker could either steal their credentials or redirect them to different websites.

Another example of a Wi-Fi MiTM attack would be when the hacker uses Ghost Phisher, which is still part of Kali Linux. This allows you to spoof any Wi-Fi hotspots you want, allowing you to act as an internet provider. Hackers can also use Wireshark. Wireshark is packet-capturing software and is very useful for network troubleshooting. However, a hacker could also use it to capture network traffic that gives them access to user credentials.

MiTM attacks can also use a hardware attack method. You have already seen how physical attacks work, and you learned some devices can sit between your device and your system and log information. You have already learned about Key Croc, which sits between your keyboard and the computer capturing information. A hacker may place this device and use it in a MiTM attack. This device will capture everything you type, including your usernames and passwords.

All network users should be trained to increase awareness of these types of attacks and taught how to protect themselves and their devices. You should monitor your devices and lock them when you are not using them, and you should always be aware of any additional devices plugged into your machine that you did not authorize. You should also check the authenticity of any Wi-Fi hotspots before joining them, especially in places like coffee shops. You should always check the IP addresses or URLs of sites you are directed to – if the address looks similar but not completely correct, it may be a spoofed site. And finally, when you’re connecting over the internet to any site, always make sure you’re using HTTPS. HTTP transmits your data in plain text, while HTTPS is a secure connection.
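The two URL checks described above (HTTPS in use, and an address that is close to but not exactly the expected one) can be automated. The following is an added example, not part of the original course material; the trusted host list, function names, warning labels and distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts this user really intends to visit (constructed sample list).
TRUSTED_HOSTS = ("example.com", "login.example.com", "bank.example")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url: str, trusted=TRUSTED_HOSTS, max_distance: int = 2) -> list:
    """Return warning strings for a URL; an empty list means nothing was flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")       # plain HTTP can be read in transit
    if not host:
        return warnings + ["no-host"]
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        warnings.append("non-ascii-host")  # possible look-alike characters
    if host in trusted:
        return warnings                    # exact match: no spoofing finding
    for name in trusted:
        if host.startswith(name + "."):
            # Trusted name appears only as a prefix of a different domain.
            warnings.append("trusted-name-as-prefix:" + name)
        elif edit_distance(host, name) <= max_distance:
            warnings.append("lookalike:" + name)
    return warnings

if __name__ == "__main__":
    # Constructed sample URLs for demonstration.
    for sample in ("https://example.com/account",
                   "http://example.com/login",
                   "https://examp1e.com/login",
                   "https://login.example.com.evil.test/"):
        print(sample, "->", check_url(sample) or "ok")
```

An empty result only means these two heuristics found nothing; it does not prove that the site is genuine.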

MiTM attacks allow hackers to get your login, your passwords, and other information, and to redirect your network activity. Make sure you understand how to prevent these attacks.

This article is from the free online course Advanced Cyber Security Training: Network Security

Created by
FutureLearn - Learning For Life
