Peeping Toms of the Digital Age

Imagine coming home from a long day's work.  You head to your room to change into something more comfortable before sitting down to a nice meal and watching something on TV.  But as you're changing, there's someone looking in from the window.  Watching your every move.  Then watching you as you eat your meal and do everything else that evening.

Worse yet, this Peeping Tom sticks around to watch you sleep all night.  All the while you never knew and never will know.  This Peeping Tom came back to your place night after night for a long time.  Worse still, what if you were sitting at your laptop doing your banking and the Peeping Tom was watching you as you typed your bank card number and password into the browser?

Even worse, the Peeping Tom watched you as you were doing your taxes, as you entered your birthday and social security number into the tax filing software you were using.  All the time looking from the window with a front row seat.  By now the Peeping Tom has enough information about you to assume your identity and do some real damage to your financial life.  How would you feel?

Each day we log onto our devices to check the news, talk with friends, do our banking and have some unadulterated fun.  But what if a Peeping Tom started following all of your online activities as well?

Well, unfortunately, there is a way for the Peeping Toms of the real world to become the same creeps in the online world.  This type of attack is called the “Man-in-the-middle” attack and it is all too common today.

Consider the scenario where we have two people trying to write emails to each other, Bob and Alice.  As Bob sends his email, it flows through the internet and is supposed to reach Alice’s inbox.  Unfortunately, along the way, a Peeping Tom was in the middle intercepting each of Bob’s messages to Alice.  A number of malicious scenarios could occur:

  1. Tom could simply read the contents and continue to forward the message off to Alice as if nothing happened.  Alice and Bob would never know but Tom could take the information in each message and act maliciously on it.  If there were banking details or other damaging information, you can imagine what could happen.
  2. Tom could change the message and then forward it off to Alice.  Suppose Bob wanted to hire Alice and he was sending a message telling her that she was hired.  Tom could change that message to say that she didn’t get the job.  Again, Bob and Alice would never know.
  3. Tom could keep the messages and never forward them to Alice.  This is possible, but it would sacrifice stealth, as both parties would eventually catch on.  It would still do damage, because Bob could be sending some critical information to Alice and she would never receive it.

There are other damaging scenarios as well.  Suppose Bob was trying to connect to his bank's website, or trying to log into a server for work, all the while Tom is listening in.  The possibilities are endless and the damaging effects are even more so.

Moreover, there are a number of scenarios that could trigger such an attack.  In future articles we will explore what they are and how we can protect ourselves against it.

Until next time, safe surfing
