Man In The Middle
What is a Man In The Middle attack?
A man in the middle (MITM) attack is one in which a third party sits on the network path between two communicating parties, so that it can read, block or alter their traffic while each still believes it is talking directly to the other.
How can it affect me?
What can be done with a Man In The Middle attack?
Normal Web Communications
Computer says: I would like the google.co.uk web server to give me the index page.
Server says: okay & sends the index page.
Computer displays the index page. Over plain HTTP every step of this exchange travels in the clear, so anyone on the path can read or alter it; that is acceptable for a public index page & unacceptable for a login, which is why the banking exchange below runs over HTTPS.
Normal Web Communications for Banking
Computer says: I would like the bank.co.uk web server to give me the index page, over HTTPS.
Server says: okay & first sends its certificate: its public key, signed by a certificate authority the browser already trusts.
The computer checks that the signature on the certificate is valid & that the certificate is for bank.co.uk; if either check fails the browser warns the user & stops.
The computer & server then agree a session key. The computer encrypts a secret under the server's public key (or the two run a key exchange that the server signs with its private key), so only the holder of the server's private key can recover the session key. The key that decrypts the traffic is never sent over the network.
Server says: okay & sends the index page over the encrypted session.
Computer displays the index page.
The computer wants to send the server the account number & password; it encrypts them with the session key.
Server says: I am ready.
The computer sends the encrypted account number & encrypted password.
The server receives them & decrypts them with the session key it shares with the computer.
The server does not keep passwords it can decrypt. It keeps a salted hash of each password, & it now computes the same hash over the password it has just received.
If the account number exists & the hash of the received password matches the stored hash, a success message is delivered to the computer & the session cookie is set.
Now, if a person with malicious intent & the skills were to become a man in the middle (MITM), sitting on the network path between the computer & the bank:
Computer says: I would like the bank.co.uk web server to give me the index page.
MITM could replace the index page with a hijacked copy; in this case the MITM is going to do even less work & let the real page through, so the login looks normal.
Server says: okay & sends its certificate.
MITM is capturing all of the packets being sent & received. If it only records them it gets the encrypted session & nothing more: the key that decrypts the session is never on the wire. To read the login it must interpose itself actively, & the well-known ways are to present its own certificate & rely on the user clicking through the browser warning, to present a certificate for bank.co.uk signed by a certificate authority the victim's browser wrongly trusts, or to strip the redirect to HTTPS so the computer stays on plain HTTP. In this example it presents its own certificate.
MITM swaps the server's certificate for its own, keeps the real session to the bank open, & runs a second session to the computer
Computer accepts the MITM's key (the warning is clicked through) & displays the index page.
The computer wants to send the server the account number & password, & encrypts them with a session key it now shares with the MITM rather than with the bank.
MITM prepares to store data
Server says: I am ready.
MITM sees this confirmation & passes it on
The computer sends the encrypted account number & encrypted password.
MITM captures them & decrypts them: it holds the session key on the computer's side, because the computer agreed that key against the MITM's public key
MITM now has the unencrypted account number & the unencrypted password
MITM re-encrypts them on its session with the real server & sends them on, so the bank sees an ordinary login
The server receives the encrypted account number & encrypted password & decrypts them with its own session key.
The server hashes the received password & compares it with the salted hash stored for that account.
If they match, a success message is delivered to the computer & the cookie is updated.
MITM can allow or block the response from the server to the computer, & can read the session cookie it carries
MITM can now access the person's bank account & do a whole host of malicious activities
The person can only hope their bank recognises the odd behaviour & blocks the account from further transactions
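The two exchanges above (the normal login & the one with a MITM) as one worked example. This is an added example, not code from the original page: a Python model with textbook RSA on fixed Mersenne primes (deliberately tiny & unpadded, for illustration only), a bank that stores a salted password hash, a certificate authority whose signature the browser checks, & an attacker who either just records packets or actively substitutes its own key. The key choices, the CA, the salt, & the sample account number 12345678 with password hunter2 are all constructed for this example.

```python
"""Toy model of the bank login exchange, with & without a man in the middle.

Added example, not code from the original page. Textbook RSA on fixed Mersenne
primes with no padding: enough to show who can decrypt what, useless as real
crypto. Needs Python 3.8+ for pow(e, -1, phi).
"""
import hashlib
import hmac

E = 65537


def make_keypair(p, q):
    """Textbook RSA keypair from two fixed primes (toy; real keys are random)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


# Constructed keys: the bank, the certificate authority the browser trusts, & the attacker.
BANK_PUB, BANK_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
CA_PUB, CA_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)
MITM_PUB, MITM_PRIV = make_keypair(2**521 - 1, 2**607 - 1)


def encrypt(pub, data):
    """Encrypt bytes to a public key; only the matching private key reverses this."""
    n, e = pub
    m = int.from_bytes(data, "big")
    assert m < n, "toy scheme: message must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def key_bytes(pub):
    return f"{pub[0]}:{pub[1]}".encode()


def sign(priv, data):
    """CA-style signature: RSA over a SHA-256 digest (toy, no padding)."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")


# The bank's "certificate": its public key plus the CA's signature over it.
BANK_CERT = (BANK_PUB, sign(CA_PRIV, key_bytes(BANK_PUB)))

# Constructed account: the bank stores a salted hash, never a decryptable password.
CREDS = b"12345678:hunter2"
SALT = b"constructed-salt"
BANK_DB = {b"12345678": hashlib.sha256(SALT + b"hunter2").digest()}


def client_login(cert, creds, check_cert):
    """Browser side: encrypt the credentials to the key offered as the bank's,
    or refuse (return None) if check_cert is on & the CA signature fails."""
    pub, sig = cert
    if check_cert and not verify(CA_PUB, key_bytes(pub), sig):
        return None
    return encrypt(pub, creds)


def bank_login(ciphertext):
    """Bank side: decrypt with the private key, hash the password, compare hashes."""
    parts = decrypt(BANK_PRIV, ciphertext).split(b":", 1)
    if len(parts) != 2 or parts[0] not in BANK_DB:
        return False
    return hmac.compare_digest(hashlib.sha256(SALT + parts[1]).digest(), BANK_DB[parts[0]])


def run_login(mitm_active, check_cert):
    """One login attempt. Returns (bank accepted it, bytes the attacker recovered)."""
    if not mitm_active:
        c = client_login(BANK_CERT, CREDS, check_cert)
        # A passive sniffer stores c, but the only private key it owns is its own: garbage out.
        return bank_login(c), decrypt(MITM_PRIV, c)
    # Active MITM: swap the bank's certificate for its own, signed only by itself.
    fake_cert = (MITM_PUB, sign(MITM_PRIV, key_bytes(MITM_PUB)))
    c = client_login(fake_cert, CREDS, check_cert)
    if c is None:
        return False, None  # the browser refused the unverifiable key
    seen = decrypt(MITM_PRIV, c)  # the attacker reads the credentials...
    return bank_login(encrypt(BANK_PUB, seen)), seen  # ...& relays them to the real bank


if __name__ == "__main__":
    for mitm, check in [(False, True), (True, False), (True, True)]:
        ok, seen = run_login(mitm, check)
        print(f"mitm={mitm} cert_check={check}: accepted={ok} attacker_saw_password={seen == CREDS}")
```

The three runs show the point of the section: a passive recorder gets a login the bank accepts but cannot read; an active MITM whose key the browser accepts reads the password & the bank still accepts the relayed login; the same MITM against a browser that checks the CA signature gets nothing, because presenting the bank's real certificate would leave it unable to decrypt, & presenting its own fails the check.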
What does the MITM attack mean to the public?
This was just one specific example of how a MITM attack works.
This is not what GCHQ uses it for, but it shows the level of access they have & what they could do if GCHQ had malicious intentions; fortunately, they do not.
It has been claimed that GCHQ has access to every cellular & ISP-grade switch in the United Kingdom network.
GCHQ has access to quite a few other networks all over the world, but GCHQ's access in the UK is much easier to document.
GCHQ saves all of the data & indexes the metadata (who talked to whom, when, & how much; this is visible at a switch even when the content itself is encrypted).
If the metadata shows something interesting, it will be flagged & the raw data will be kept for investigation.
Fair & good system - it is the best in the world, in my opinion.