
What is a man in the middle attack?

Is your email really private? Are your passwords safe? If you’re the victim of a man-in-the-middle (MITM) attack, someone could be watching every move you make online.

Malcolm Higgins

Jan 31, 2020 · 4 min read

In MITM attacks, hackers spy on your browsing activity, waiting for the perfect time to strike. They can position themselves between you and the person or site you’re trying to engage with, manipulating the flow of information – and money.

What is a man-in-the-middle attack?

The MITM method is all about interception. It includes three key elements:

  • The victim
  • The man in the middle
  • The intended recipient or application

One person – the victim – sends some kind of sensitive data online. This could be an email, for example, or a password. Then there is an intended recipient – an application, website, or person.

Between them, we have the “man in the middle”. This is the malicious actor who watches data as it travels between the victim and their intended recipient, ready to intercept and manipulate the communication when the time is right.

How a man-in-the-middle attack works

It all begins with interception.

A simple way for a hacker to intercept data is by setting up a trap Wi-Fi hotspot. It won't be password protected, so anyone can join, and by naming it appropriately (the brand of a nearby cafe, for example) criminals trick users into connecting. Once the victim is online, everything they send passes through the hacker's hotspot. Anything unencrypted is readable outright: plain HTTP pages, most DNS lookups, and the names of the sites being visited. Traffic protected by TLS is only exposed if the attacker can downgrade or tamper with that encryption, which is what several of the techniques below aim to do.

There's a range of different MITM attacks, but they all depend on one formula: get between the victim and the intended recipient.

Different forms of MITM attacks

  • IP spoofing

IP spoofing can give hackers access to a device or application by bypassing authentication that is based on where a connection appears to come from. It is particularly effective on networks of connected hardware where hosts trust each other. On corporate networks, it's not unusual to let a user into an application without a password, provided the connection arrives from a trusted IP address. That's where IP spoofing comes into play. The source address is just a field in the header of every IP packet, written by whoever sends the packet, so a hacker can put a trusted address there and the application will treat them as a trusted network user. The catch for the attacker is that replies go to the address they forged, not to them: a one-way spoof is enough for connectionless protocols such as UDP, but to hold a TCP session they must also be on the path (or guess the sequence numbers) to see the other side's replies. Either way, a source address is not a credential and should never be the only thing an application checks.
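To make that concrete, here is an added example (not from the original article): it builds a minimal IPv4 header, shows that the source address is nothing more than bytes 12 to 15 of a header the sender writes, and that the only thing to repair after overwriting it is the RFC 791 header checksum. The trusted address 10.0.0.5, the attacker's address 203.0.113.9 and the allow-list are constructed for the example.

```python
"""Added example, not from the original article: why a trusted-IP check
proves nothing. The IPv4 source address is four bytes in a header the sender
writes, and the only thing to repair after changing it is the header checksum.
The addresses and the allow-list below are constructed."""
import ipaddress
import struct

IPV4_FMT = "!BBHHHBBH4s4s"  # 20-byte header without options

TRUSTED = {"10.0.0.5"}  # constructed allow-list of "trusted network users"


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words.
    Over a header that already carries a correct checksum it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:  # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 6) -> bytes:
    """Build a minimal IPv4 header with a valid checksum (proto 6 = TCP)."""
    hdr = struct.pack(IPV4_FMT, (4 << 4) | 5, 0, 20 + payload_len, 0x1234, 0x4000,
                      64, proto, 0,  # checksum field zeroed while computing it
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(hdr: bytes) -> dict:
    """Read back the fields an application might look at."""
    f = struct.unpack(IPV4_FMT, hdr[:20])
    return {
        "src": str(ipaddress.IPv4Address(f[8])),
        "dst": str(ipaddress.IPv4Address(f[9])),
        "checksum_ok": ipv4_checksum(hdr[:20]) == 0,
    }


def spoof_source(hdr: bytes, new_src: str) -> bytes:
    """What the attacker does: overwrite bytes 12..15 (the source address),
    zero the checksum field and recompute it. Nothing else changes."""
    patched = hdr[:10] + b"\x00\x00" + hdr[12:20]
    patched = patched[:12] + ipaddress.IPv4Address(new_src).packed + patched[16:]
    return patched[:10] + struct.pack("!H", ipv4_checksum(patched)) + patched[12:]


def ip_allowlist_auth(hdr: bytes) -> bool:
    """The weak check from the text: let anyone in who arrives from a
    trusted address. The checksum passes, the address matches, and neither
    fact says anything about who really sent the packet."""
    p = parse_ipv4_header(hdr)
    return p["checksum_ok"] and p["src"] in TRUSTED


if __name__ == "__main__":
    attacker = build_ipv4_header("203.0.113.9", "10.0.0.1", payload_len=0)
    print("attacker's own address accepted:", ip_allowlist_auth(attacker))  # False
    spoofed = spoof_source(attacker, "10.0.0.5")
    print("after spoofing the source:      ", ip_allowlist_auth(spoofed))   # True
    print(parse_ipv4_header(spoofed))
```

The example only builds bytes; it never sends them, because sending a forged source address on a real network needs a raw socket and, for TCP, the attacker would not see the replies. The practical lessons are the two the text implies: authenticate with something the network cannot forge (credentials, mutual TLS), and have routers drop packets whose source address could not legitimately come from the interface they arrived on (ingress filtering, BCP 38).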

  • Email hijacking

In our emails we keep logins for other websites, banking information, and general communication. Your inbox is a prime target.

Email hijackers will often take time to just monitor your activity, waiting for the perfect time to strike. Whether that means sending your employer alternative banking information for a payment or diverting money intended for a bill, you may not realize you’ve been hacked until it’s too late.

  • Man-in-the-browser (MITB) attacks

MITB attacks begin with malware. A Trojan that has infected the victim's computer hooks into the browser itself, so it can alter what a page shows or change the contents of a form after the user fills it in but before it is sent: presenting a fake email login page, for example, or silently editing the recipient of a bank transfer. Because the tampering happens inside the browser, the site's HTTPS encryption doesn't help. After carrying out its function, some versions of malware can even delete themselves, leaving no trace to give away the hacker's presence. Remaining undetected until the right moment is an essential part of the MITM process.

  • Wi-Fi eavesdropping

In this type of attack, a hacker eavesdrops on your activity via a Wi-Fi connection, either by compromising a legitimate hotspot or by setting up their own (the fake cafe Wi-Fi scenario discussed above). Although this is often just the starting point for other attacks (email hijacking, for example) it can be a dangerous breach in itself. Using a technique called SSL stripping, an attacker who controls your Wi-Fi waits for the first plain-HTTP request your browser makes (typing a bare address such as bank.example into the address bar is enough), then speaks HTTPS to the real site on your behalf while rewriting every https:// link and redirect in the responses back to http://. Your browser never upgrades, so everything you send travels to the attacker unencrypted. Sites that send an HSTS header (and are on browsers' preload lists) close this gap by having the browser upgrade to HTTPS before anything leaves your device.

  • Stealing browser cookies

Browser cookies are tiny pieces of information that a website saves on your device, and the most valuable of them is the session cookie that proves you've logged in. Someone who obtains that cookie, whether by reading it off your device with malware or by capturing it off the wire, can replay it and be treated as you without ever knowing your password. For a man in the middle, the wire is the easy route: a cookie without the Secure flag is sent along with every plain-HTTP request, including the ones an SSL-stripping attacker has forced. Marking cookies Secure (and HttpOnly, so page scripts can't read them) keeps them off unencrypted connections.
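The downgrade described under Wi-Fi eavesdropping, and the cookie capture it enables, as one added example (not from the article and not any real tool): a toy browser with a cookie jar and an HSTS cache, a site that only speaks HTTPS, and an on-path proxy that does what SSL stripping does. The host bank.example, the session cookie and the page body are constructed. run() returns every request the attacker was able to read, under three settings: no controls, a Secure cookie, and HSTS already known to the browser.

```python
"""Added example, not from the original article: a toy model of SSL stripping
and of the two controls that defeat it, HSTS and the cookie Secure flag.
The host bank.example, the cookie and the page body are constructed."""
import re
from dataclasses import dataclass, field

HOST = "bank.example"


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool  # Secure flag: only ever sent over HTTPS


@dataclass
class Browser:
    """Minimal client: a cookie jar plus an HSTS cache keyed by host."""
    jar: list
    hsts_hosts: set = field(default_factory=set)

    def request(self, url: str, network) -> str:
        scheme, host, path = re.match(r"(https?)://([^/]+)(/.*)", url).groups()
        if scheme == "http" and host in self.hsts_hosts:
            scheme = "https"  # HSTS: upgrade before anything leaves the browser
        # Cookies without the Secure flag ride along on plain HTTP too.
        sent = [c.name for c in self.jar if scheme == "https" or not c.secure]
        _status, headers, body = network(scheme, host, path, sent)
        if scheme == "https" and "strict-transport-security" in headers:
            self.hsts_hosts.add(host)  # remember the policy for next time
        return body


def origin_server(scheme, host, path, cookies):
    """The real site: answers only over TLS and sends an HSTS policy."""
    assert scheme == "https", "origin rejects plaintext"
    body = f'<a href="https://{host}/account">Account</a>'
    return 200, {"strict-transport-security": "max-age=31536000"}, body


def sslstrip_proxy(captured: list):
    """On-path attacker: TLS upstream, plaintext downstream. Every https://
    link is rewritten to http:// and the HSTS header is dropped, so the
    victim's browser keeps talking HTTP to the attacker."""
    def network(scheme, host, path, cookies):
        if scheme == "https":
            # An HTTPS request passes straight through; the attacker can't read it.
            return origin_server(scheme, host, path, cookies)
        captured.append({"path": path, "cookies": list(cookies)})  # plaintext
        status, headers, body = origin_server("https", host, path, cookies)
        headers = {k: v for k, v in headers.items() if k != "strict-transport-security"}
        return status, headers, body.replace("https://", "http://")
    return network


def run(secure_cookie: bool, hsts_known: bool) -> list:
    """Victim types the bare host (so the first request is plain HTTP), then
    clicks the first link. Returns every request the attacker could read."""
    captured = []
    net = sslstrip_proxy(captured)
    browser = Browser(jar=[Cookie("session", "s3cr3t", secure=secure_cookie)],
                      hsts_hosts={HOST} if hsts_known else set())
    page = browser.request(f"http://{HOST}/", net)
    link = re.search(r'href="([^"]+)"', page).group(1)
    browser.request(link, net)
    return captured


if __name__ == "__main__":
    print("no controls:   ", run(secure_cookie=False, hsts_known=False))
    print("Secure cookie: ", run(secure_cookie=True, hsts_known=False))
    print("HSTS known:    ", run(secure_cookie=False, hsts_known=True))
```

With no controls the attacker reads both requests and the session cookie with each. The Secure flag keeps the cookie out of the captured requests but the attacker still sees every page the victim loads, which is why it is a complement to HSTS rather than a substitute. HSTS stops the attack before it starts, but only once the browser already knows the policy, from an earlier HTTPS visit or from the preload list; that first visit over plain HTTP is exactly the window SSL stripping targets.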

How to prevent MITM attacks

  • Be vigilant around emails

Email is the perfect target for criminals. If you receive a strange message – an unusual request from your bank for example, or a link you’re asked to follow – err on the side of caution. If a hacker already has access to your email this could be their attempt to extract money from you. Learn to identify phishing emails to stay secure.

  • Implement an endpoint security system

If you run a business, you might worry about employees accidentally letting malware onto your network; a man-in-the-browser attack starts with exactly that. Endpoint security software on every workstation and laptop, kept up to date and monitored centrally, is the best way to catch that malware before it hooks into a browser.

  • Secure your router at home

It’s not just public Wi-Fi that poses a threat. Home routers are often left with default admin passwords, short Wi-Fi passphrases and out-of-date firmware, and passwords are easier to crack than you might think. Strengthen your home Wi-Fi security (a long, unique passphrase, WPA2 or WPA3, a changed admin password and regular firmware updates) so your own home doesn’t become a liability.

  • Use a VPN

Many of these attacks occur because of unsecured or vulnerable Wi-Fi connections. The antidote? Encrypt your data.

When you turn on a VPN, all of your traffic moves along an encrypted tunnel between your device and the VPN server. Even if you connect to a hacker’s hotspot, all they’ll be able to see is encrypted gibberish heading to one server: no site names, no plain-HTTP pages, no cookies. For both individuals and businesses, encryption is an incredibly effective tool. This is practically what it was made for.

If a hacker breaks into your home Wi-Fi or lures you onto a malicious hotspot, a VPN shuts them out of everything between your device and the VPN server, so a network-level MITM attack can’t get started. It doesn’t replace the other precautions on this list, though: malware already running in your browser, or a phishing email, sits outside the tunnel.

A VPN is one of the simplest ways to prevent network-level man-in-the-middle attacks. Try NordVPN with our 30-day money-back guarantee to secure yourself now!