Explain man-in-the-middle attacks.

Tad Whitaker
2 min read · Apr 14, 2018


If you find value in this story, please consider making a donation to the [HS]2 program. It prepares a group of first-generation and/or low-income students of color to succeed in college by empowering them with STEM-based skills, a family of driven peers, and a space to see the light and power in their own voices. Even $1 helps by demonstrating broad support to larger institutions considering donations.

This is part of a series answering interview questions submitted to Glassdoor.com for security engineer jobs. All questions are available at my Github page. Did you find something incorrect? Please let me know. Accuracy is imperative.

First off, let’s define a man-in-the-middle attack: It’s when an attacker intercepts communications between two parties who believe their interaction is secure. The attacker allows the content to travel back and forth so the victims don’t suspect anything. But the attacker is intercepting them, making copies, persisting the information offline and using it for his own nefarious reasons later.

Common examples:

  • An attacker sets up a free wifi network (known as an Evil Twin) in a Starbucks; a user connects to it to check their bank balance, and the attacker collects their username/password when they authenticate. Neither the user nor the bank is aware.
  • Sidejacking is similar, except the attacker somehow gains access to a legitimate network. So even if a user logs into their bank with their username/password over SSL on a trusted network, if the rest of the traffic (once they’re authenticated) is sent in an insecure manner like plain HTTP, the attacker can sniff the packets and pull out session cookies for access to the bank.
  • An ATM inside a gas station is left unmonitored and an attacker swaps out the card reader for their own to read the magnetic stripe or chip data along with PIN numbers. Security researchers demonstrated at Black Hat in 2016 that they could make an ATM machine spew cash this way. My favorite real-world example is here.
A woman looks at a (nice/paranoid) man who just removed a card skimmer from the ATM machine she was planning to use.
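The sidejacking bullet comes down to two server-side conditions: a session cookie that the browser is allowed to send over plain HTTP (no `Secure` attribute) and a site that never tells the browser to refuse HTTP at all (no `Strict-Transport-Security` header). The following is an added example, not code from the original post: a small audit that parses raw HTTP response headers and reports those conditions. The two sample responses (`WEAK_RESPONSE`, `HARDENED_RESPONSE`) and the cookie-name hints are constructed for illustration.

```python
"""Audit HTTP response headers for the conditions that make sidejacking possible.

Added example; the responses below are constructed samples, not real traffic.
"""

# Substrings that suggest a cookie carries a session; constructed heuristic.
SESSION_COOKIE_HINTS = ("session", "sess", "auth", "token", "sid")


def parse_response_headers(raw):
    """Split a raw HTTP response (status line + headers) into (name, value) pairs.

    Header names are lower-cased so lookups are case-insensitive, as in HTTP.
    """
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:  # lines[0] is the status line
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def parse_set_cookie(value):
    """Return (cookie_name, set_of_attribute_names) from a Set-Cookie value.

    Attribute names (Secure, HttpOnly, Path, ...) are lower-cased; their values
    are discarded because only presence matters for this audit.
    """
    parts = [p.strip() for p in value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), attrs


def audit_sidejacking(raw):
    """Return a list of findings describing why session cookies could leak over HTTP."""
    findings = []
    headers = parse_response_headers(raw)

    # Without HSTS a browser will happily follow an http:// link to the same site,
    # and any non-Secure cookie rides along in cleartext.
    if not any(name == "strict-transport-security" for name, _ in headers):
        findings.append("no Strict-Transport-Security header: browser may use plain HTTP")

    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if not any(hint in cookie.lower() for hint in SESSION_COOKIE_HINTS):
            continue  # not a session-looking cookie; ignore
        if "secure" not in attrs:
            findings.append(f"cookie {cookie} lacks Secure: it will be sent over plain HTTP")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie} lacks HttpOnly: readable by page scripts")
    return findings


# Constructed sample: the situation in the sidejacking bullet.
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: SESSIONID=abc123; Path=/
"""

# Constructed sample: the same site after the cookie and transport are hardened.
HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
"""

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"[{label}]")
        for finding in audit_sidejacking(response) or ["no findings"]:
            print("  -", finding)
```

Run against the weak sample the audit reports three findings (missing HSTS, missing `Secure`, missing `HttpOnly`); the hardened sample reports none. The point for the interview answer is that "only use sites with HTTPS" is something the user can do, but the server can also make the attack impossible by never letting the session cookie travel over HTTP in the first place.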

So how do you prevent man-in-the-middle attacks? There’s really only one way to prevent them all: Paranoia and awareness.

The term is generic, like the word fraud, and there are a hundred different methods of pulling one off. As always, pay attention to your gut and stick to the basics. Don’t use free wifi. Use your own hotspot or a VPN. Avoid weird point-of-sale machines in convenience stores and gas stations. Stick to bank branches. Only use sites with HTTPS.
