Man In The Middle

What is a Man In The Middle Attack?

An attack where a third party sits on the network path between your computer & the server it is talking to, so that every packet in both directions passes through them: they can read it, store it, alter it or drop it, & neither end notices unless the connection is protected in a way the attacker cannot break.


How can it affect me?

What can be done from a Man In The Middle Attack?


Normal Web Communications

Computer says: I would like the google.co.uk web server to give me the index page.

Server says: okay & sends the index page.

Computer displays the index page.


Normal Web Communications for Banking

Computer says: I would like the bank.co.uk web server to give me the index page.

Server says: okay & sends the index page.

Computer displays the index page.

The computer now wants to send the server its account number & password, but not in the clear.

Server says: here is my public key, inside a certificate signed by a certificate authority the computer already trusts.

The computer checks the certificate: is it for the name bank.co.uk, & is the signature from a trusted authority? If not, the browser shows a warning & stops.

The computer uses the bank's public key to agree a session key with the server. Only the holder of the matching private key (the real bank) can complete this step; a public key cannot decrypt anything, which is why it is safe for everyone to see it.

The computer encrypts the account number & password under the session key & sends them.

The server receives the encrypted account number & password & decrypts them with the session key.

The server should not store the password itself; it stores a salted hash of it. It hashes the password it has just received & compares the result, together with the account number, against the stored record.

If they match, a success message is delivered to the computer & the session cookie is set.


Now, if a person with malicious intent & the skills were to become a man in the middle (MITM), sitting on the path between the computer & the server:

Computer says: I would like the bank.co.uk web server to give me the index page.

MITM could replace the index page with a hijacked copy - in this case, the MITM is going to do even less work & just watch.

Server says: okay & sends the index page.

MITM is capturing all of the packets being sent & received.

Computer displays the index page.

The computer now wants to send the server its account number & password.

Server says: here is my public key, inside a signed certificate.

MITM captures & stores the public key & certificate. On its own this gains the MITM nothing: the public key cannot decrypt anything, & the MITM does not have the bank's private key.

So the MITM has a choice. Passive: just record the traffic; it will see the encrypted account number & password go past, but cannot read them. Active: swap the bank's public key for its own, so that the computer agrees a session key with the MITM rather than with the bank.

If the MITM is active, the certificate it presents will not carry a trusted signature for bank.co.uk. The computer should show a warning & refuse. The attack only goes through if the user clicks past the warning, if the site does not use encryption at all, or if the MITM has somehow obtained a certificate for bank.co.uk from an authority the computer trusts.

Suppose it goes through. The computer agrees a session key with the MITM, encrypts the account number & password under it, & sends them.

MITM decrypts the account number & password with the session key it shares with the computer.

MITM now has the unencrypted account number & password.

MITM opens its own encrypted connection to the real server & forwards the account number & password, so that the user notices nothing.

The server receives the encrypted account number & password & decrypts them.

The server hashes the password & compares the result, together with the account number, against the stored record.

If they match, a success message is delivered to the computer & the cookie is updated.

MITM can allow or block the response from the server to the computer, & can keep a copy of the session cookie for itself.

MITM can now access the person's bank account & do a whole host of malicious activities.

The person can only hope their bank recognises the odd behaviour & blocks the account from further transactions.
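The two exchanges above (the normal login & the MITM version), as an added example that is not the page's own code. It models the login with a Diffie-Hellman key agreement authenticated by a "certificate", then runs the same login against a passive sniffer & an active MITM, with & without the client checking the certificate. Assumptions, all constructed for the example: the certificate is an HMAC under a secret CA key standing in for a real CA signature, the cipher is a hash-based stream cipher with a MAC standing in for the TLS record layer, the bank uses a static Diffie-Hellman key rather than a real TLS handshake, & the account number/password are made up.

```python
"""Toy model of the bank login: authenticated key agreement, then an encrypted
login, run against a passive sniffer and an active man in the middle.
Constructed example: the 'certificate' is an HMAC from a trusted 'CA' key
standing in for a CA signature; the cipher stands in for TLS records."""
import hashlib
import hmac
import secrets

# 1536-bit MODP group from RFC 3526 (group 5): public prime and generator.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16)
G = 2
P_BYTES = 192  # 1536 bits

CA_KEY = b"constructed: secret held only by the trusted CA"
SERVER_NAME = b"bank.co.uk"
CREDENTIALS = b"account=12345678&password=hunter2"  # constructed sample login


def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """Session key = hash of g^(ab) mod p. Needs one PRIVATE exponent."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(P_BYTES, "big")).digest()


def certify(name, pub):
    """Stand-in for a CA signature binding a name to a public value."""
    return hmac.new(CA_KEY, name + pub.to_bytes(P_BYTES, "big"), hashlib.sha256).digest()


def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def encrypt(key, msg):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Returns None on a wrong key or tampered ciphertext (encrypt-then-MAC)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


SERVER_PRIV, SERVER_PUB = dh_keypair()          # the bank's long-term key
SERVER_CERT = certify(SERVER_NAME, SERVER_PUB)  # issued once by the CA


def run_login(verify_cert, active_mitm):
    """One login attempt. Returns what the client did, what the server
    decrypted, and what the MITM managed to decrypt from the traffic."""
    mitm_priv, mitm_pub = dh_keypair()
    # Server -> client: name, public value, certificate. The MITM sees all
    # three and, if active, swaps in its own public value (it cannot
    # re-certify that value without CA_KEY).
    name, pub, cert = SERVER_NAME, SERVER_PUB, SERVER_CERT
    if active_mitm:
        pub = mitm_pub
    if verify_cert and not hmac.compare_digest(cert, certify(name, pub)):
        return {"client": "rejected", "server": None, "mitm": None}

    client_priv, client_pub = dh_keypair()
    blob = encrypt(dh_shared(client_priv, pub), CREDENTIALS)  # client -> server

    if active_mitm:
        # The client unknowingly agreed a key with the MITM; the MITM decrypts,
        # then re-encrypts towards the real server under a second key.
        stolen = decrypt(dh_shared(mitm_priv, client_pub), blob)
        blob = encrypt(dh_shared(mitm_priv, SERVER_PUB), stolen)
        client_pub = mitm_pub
    else:
        # Passive sniffer: holds only public values. Every key it can build
        # from them fails the MAC check, so it recovers no plaintext.
        guesses = [hashlib.sha256(v.to_bytes(P_BYTES, "big")).digest()
                   for v in (pub, client_pub, pub * client_pub % P)]
        stolen = next((m for m in (decrypt(k, blob) for k in guesses) if m), None)

    served = decrypt(dh_shared(SERVER_PRIV, client_pub), blob)
    return {"client": "ok", "server": served, "mitm": stolen}


if __name__ == "__main__":
    for verify, active in ((True, False), (False, True), (True, True)):
        print(verify, active, run_login(verify, active))
```

The three runs in the `__main__` block reproduce the three cases in the text: with a genuine key the sniffer gets nothing even though it captured the public key; an active MITM that the client does not check reads the credentials & forwards them so the login still succeeds; an active MITM against a client that checks the certificate is refused before any password is sent.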


What does the MITM attack mean to the public?

This was just a specific example of how the MITM attack works.

This is not what it is used for by GCHQ, but it shows the level of access they have & what they could do if GCHQ had malicious intentions; fortunately, they do not.

It has been claimed that GCHQ has access to every cellular & ISP-grade switch in the United Kingdom network.

GCHQ has access to quite a few other networks all over the world, but GCHQ's access in the UK is much easier to document.

GCHQ saves all of the data & indexes the metadata.

If the metadata shows something interesting, it will be flagged & the raw data will be kept for investigation.

Fair & good system - it is the best in the world, in my opinion.