A wristwatch. A Mont Blanc pen. A Fabergé egg. James Bond had a range of tools in his arsenal of gadgets for tracking, tracing, and wiretapping. And though his devices were all stealthily concealed as harmless everyday items, they were usually in plain sight. Not so today. Spying has now become a high-tech scheme with incredibly high stakes. And often we’re not even aware it’s happening.
The term cyberattack isn’t new to most of us. Way back in the 20th century we were already familiar with Trojan malware and relying on antivirus software to protect our data and computing systems. However, as our devices have gotten more powerful and more mobile, they have also become a gateway to much more critical and sensitive data and information. This has made them an ever more appealing target for cyberattacks. And while security technology has gotten more sophisticated, so too have hackers.
How are hackers attacking us?
Cyberattacks infiltrate our computing systems, networks, infrastructures and mobile devices in a variety of ways. However, the main goal is always the same: to pilfer data, manipulate users, delete information, or destroy entire information systems. We saw this recently as a slew of hospitals were infected with ransomware demanding money to restore vital medical systems and patient data. In this case, though the goal was financial, private data was compromised and healthcare was jeopardized in the process.
Though ransomware is one of the most prevalent forms of attack, there are countless forms of cyberattack to be on the lookout for. One of the most deceptive is the man-in-the-middle attack (MITM). In this attack scenario, the hacker intercepts communications, rather than actively hacking security software, by getting in the middle of users and the content (email, platform, bank account) they’re trying to access. What makes these attacks so tricky and difficult to detect is that they often involve fake user interfaces (e.g. login pages) that nearly mirror the real user interface channels. So users don’t even suspect that they’re providing personal details and login credentials to an unauthorized third party.
There are different methods for MITM attacks that hinge on the level of access hackers have to the computer systems they want to attack. Here are some common techniques:
- DHCP/ARP spoofing: In these scenarios, hackers take advantage of the security risks posed by unprotected public LANs and WiFi networks to control how IP addresses are assigned and resolved on the local network. This ultimately allows hackers to read and redirect incoming and outgoing computer traffic, meaning they can see a user's communications and also communicate while pretending to be the user.
- DNS cache poisoning: When you type a website URL into your Internet browser (e.g. nevis.net), you initially make contact with the website’s DNS server. Since your computer reads numbers and not letters, the DNS server provides an IP address (numerical) so your computer can access the website. These IP addresses are stored in a DNS cache. By infiltrating this cache and altering IP addresses (simply changing a few numbers in the address), hackers can redirect Internet traffic to any given website, including a fake version of the website a user is attempting to access.
- Session hijacking: Every time you log into a website, that website provides your device (computer/mobile phone) with a token, which is used to identify your device (and you) for the duration of the session. As soon as you log out, this token is no longer valid. However, when hackers hijack your login session, they use malware, for example, to steal this token. At this point, the hacker can simply pretend to be you.
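To make the session-hijacking item concrete from the operator's side, here is an added example (not code from the original post or from Nevis) of the token lifecycle the text describes: a random, unguessable token is issued at login, stops working at logout or after an idle timeout, and is sent in a cookie whose attributes keep it away from page scripts and cleartext connections. The `SessionStore` class, the `sid` cookie name and the 15-minute idle timeout are assumptions made for this example.

```python
import secrets
import time

# Hypothetical idle timeout for this example; real values depend on the application.
SESSION_TTL_SECONDS = 15 * 60


class SessionStore:
    """In-memory session table: opaque random token -> (user, expiry time)."""

    def __init__(self, ttl=SESSION_TTL_SECONDS, clock=time.time):
        self._sessions = {}
        self._ttl = ttl
        self._clock = clock  # injectable so tests can move time forward

    def login(self, user):
        # 256 bits of randomness: the token cannot be guessed, only stolen.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, self._clock() + self._ttl)
        return token

    def resolve(self, token):
        """Return the user behind a token, or None if it is unknown or expired."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, expires_at = entry
        if self._clock() >= expires_at:
            # Expired: drop it so a later replay of the same token also fails.
            del self._sessions[token]
            return None
        # Sliding expiry: activity extends the session, inactivity ends it.
        self._sessions[token] = (user, self._clock() + self._ttl)
        return user

    def logout(self, token):
        # Server-side invalidation: the token is dead even if a copy was stolen.
        self._sessions.pop(token, None)

    def rotate(self, token):
        """Issue a fresh token for the same user and retire the old one
        (e.g. after re-authentication), limiting the value of an older copy."""
        user = self.resolve(token)
        if user is None:
            return None
        self.logout(token)
        return self.login(user)


def session_cookie_header(token, name="sid"):
    """Build the Set-Cookie header that carries the session token.

    HttpOnly: script running in the page cannot read the cookie.
    Secure:   the browser only sends it over HTTPS, so it never crosses the
              network in cleartext where a man in the middle could read it.
    SameSite=Strict: the browser does not attach it to cross-site requests.
    """
    return f"Set-Cookie: {name}={token}; Path=/; HttpOnly; Secure; SameSite=Strict"


if __name__ == "__main__":
    store = SessionStore()
    token = store.login("alice")
    print(session_cookie_header(token))
    print("resolves to:", store.resolve(token))
    store.logout(token)
    print("after logout:", store.resolve(token))
```

The point of the server-side table is that logout really revokes the token, which matches the post's "as soon as you log out, this token is no longer valid"; a token that is only validated by signature and never checked against the server cannot be revoked this way.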
Protecting against MITM attacks
MITM attacks are an incredibly effective way to gain unauthorized access to data, particularly because they are difficult to uncover. There are some good indicators that you may be a victim of an MITM attack:
- Unusually slow loading times.
- Unanticipated and continuous interruptions to service or disconnections.
- Unusual URLs in your browser address bar (e.g. http instead of https).
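The indicators above are behavioural. On a LAN, the ARP spoofing described earlier leaves a more direct trace in the host's own neighbour table: one MAC address answering for several IP addresses, or the gateway's IP suddenly mapped to a different MAC. The following added example (not code from the original post or from Nevis) parses neighbour-table lines in the format printed by `ip neigh show` on Linux and flags both conditions. The two snapshots, the gateway address and its "known good" MAC are constructed sample data for this example.

```python
import re
from collections import defaultdict

# Matches lines as printed by `ip neigh show` on Linux, e.g.
# "192.168.1.1 dev wlan0 lladdr aa:bb:cc:dd:ee:01 REACHABLE"
# Entries without a hardware address (state FAILED/INCOMPLETE) are skipped.
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+(?P<mac>[0-9a-f:]{17})",
    re.IGNORECASE,
)


def parse_neigh_table(text):
    """Return {ip: mac} for every line that carries a hardware address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def find_arp_anomalies(table, gateway_ip, known_gateway_mac=None):
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []

    # One MAC claiming several IPs is the classic footprint of a host
    # answering ARP for addresses that are not its own.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} claims {len(ips)} IPs: {', '.join(sorted(ips))}")

    # The gateway is the most valuable address to impersonate, so compare
    # its current MAC with the one recorded when the network was trusted.
    gw_mac = table.get(gateway_ip)
    if known_gateway_mac and gw_mac and gw_mac != known_gateway_mac.lower():
        findings.append(
            f"gateway {gateway_ip} now at {gw_mac}, expected {known_gateway_mac.lower()}"
        )
    return findings


# Constructed sample data: a healthy table, and one in which the host at
# 192.168.1.23 is also answering for the gateway's IP address.
CLEAN_SNAPSHOT = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.23 dev wlan0 lladdr 02:11:22:33:44:55 STALE
192.168.1.40 dev wlan0 lladdr 02:66:77:88:99:aa REACHABLE
192.168.1.77 dev wlan0 FAILED
"""
SUSPICIOUS_SNAPSHOT = """\
192.168.1.1 dev wlan0 lladdr 02:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr 02:11:22:33:44:55 REACHABLE
192.168.1.40 dev wlan0 lladdr 02:66:77:88:99:aa STALE
"""
GATEWAY_IP = "192.168.1.1"            # constructed
GATEWAY_MAC = "aa:bb:cc:dd:ee:01"     # constructed "known good" value


def check_snapshot(text):
    return find_arp_anomalies(parse_neigh_table(text), GATEWAY_IP, GATEWAY_MAC)


if __name__ == "__main__":
    for name, snap in (("clean", CLEAN_SNAPSHOT), ("suspicious", SUSPICIOUS_SNAPSHOT)):
        print(name + ":", check_snapshot(snap) or ["no anomalies"])
```

Treat a hit as an indicator, not proof: a router with several addresses, or a hypervisor bridging guest NICs, can legitimately show one MAC for multiple IPs, and the check only sees what this host's own neighbour table contains. The reliable remedy remains the one the post gives, which is to keep sensitive traffic off untrusted networks and behind HTTPS and multi-factor authentication.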
However, even these indicators aren’t always present or even obvious unless you are hypervigilant. As such, identity security is contingent on avoiding MITM attacks in the first place. But what can you do?
As a website operator, the best preventive measure is always information. Keep your customers informed about how you DO NOT request data, i.e. via email links or SMS prompts. This will prevent them from inadvertently communicating with hackers posing as their service providers. In addition, extra layers of security like multi-factor authentication, including biometric indicators, will make it harder for hackers to get in the middle of you and your customers.
As an Internet user, you can take your security into your own hands by always ensuring that you are running the most updated version of your web browsers and operating systems, which include the latest security patches and bug fixes. Try not to use public WiFi connections. However, if you need to use them, don’t provide sensitive information or make monetary transactions. Activate multi-factor authentication if your service provider offers it. And be smart about the links you open.
Ultimately, it is up to both users and service providers to take the necessary precautions to keep data secure and out of the wrong hands.