Man in the Middle Attacks: A New Line of Defense

Posted by Mark Greisiger


A Q&A with Norm Brogdon of Data Stream Protector
Much like eavesdropping, man in the middle (MITM) attacks allow a perpetrator to imperceptibly steal data—a malicious and insidious threat that has been underreported in the media. I spoke with Norm Brogdon of Data Stream Protector about the MITM exploit and how it can be stopped.

Tell me about the MITM exposure. How does it work?
Think of a phone tap, where law enforcement can hook up wires to your phone and listen in and you’d never know what’s happening. MITM is when the perpetrator inserts a device into the data stream between two entities, impersonating one of them so as to go undetected. You might log into your bank and make a transaction and the MITM device—which, by the way, might only cost $100—pretends to be the bank while capturing your data. Neither you nor the bank will realize what’s going on. The point of entry might be a router, hub or switch. You could be attacked at your coffee shop if you’re using free wi-fi. Many people assume that with an https: header their data is being encrypted but the reality is that these days someone can decrypt that data stream in 30 seconds.
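The "device inserted into the data stream" that Norm describes usually gets there on a local network by answering ARP for the gateway's address with its own hardware address, so the client's own ARP cache carries the evidence. The script below is an added illustration of checking for that symptom; it is not from the article or from Data Stream Protector. It assumes Linux `arp -n` output layout, and the two ARP snapshots, the gateway address and the "trusted" MAC are constructed sample data.

```python
"""ARP-level check for an inserted MITM device on a LAN (e.g. coffee-shop Wi-Fi).

Added example, not from the article or from Data Stream Protector.  A device
that inserts itself between a client and the gateway usually does so by
answering ARP for the gateway's IP with its own MAC, so two symptoms show up
in the client's ARP cache: the gateway IP stops resolving to the MAC recorded
at a trusted moment, and some other host shares a MAC with the gateway.
The ARP lines below are constructed sample data in Linux `arp -n` layout.
"""
import re

# One `arp -n` row, e.g.:  192.168.1.1  ether  aa:bb:cc:dd:ee:01  C  wlan0
ARP_ROW = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+ether\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\b"
)

# Constructed: cache captured when the gateway was known to be genuine.
BASELINE_ARP = """Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   aa:bb:cc:dd:ee:01   C                     wlan0
192.168.1.50             ether   11:22:33:44:55:66   C                     wlan0
"""

# Constructed: same cache after another host has poisoned the gateway entry.
SPOOFED_ARP = """Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   11:22:33:44:55:66   C                     wlan0
192.168.1.50             ether   11:22:33:44:55:66   C                     wlan0
"""

def parse_arp_table(text):
    """Map IP -> lower-case MAC from `arp -n` output; header rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_ROW.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def check_gateway(table, gateway_ip, trusted_mac):
    """Return alert strings for one ARP snapshot; an empty list means no symptom."""
    alerts = []
    trusted_mac = trusted_mac.lower()
    current = table.get(gateway_ip)
    if current is None:
        return alerts  # gateway not in the cache yet: nothing to compare
    if current != trusted_mac:
        alerts.append(
            f"gateway {gateway_ip} now resolves to {current}, trusted MAC was {trusted_mac}"
        )
    # A second IP answering with the gateway's MAC is the classic poisoning footprint
    # (a router legitimately holding several IPs can also trigger this, so treat it
    # as a signal to investigate rather than proof).
    for ip, mac in sorted(table.items()):
        if ip != gateway_ip and mac == current:
            alerts.append(f"host {ip} shares MAC {mac} with the gateway")
    return alerts

if __name__ == "__main__":
    gw, trusted = "192.168.1.1", "aa:bb:cc:dd:ee:01"
    for label, snapshot in (("baseline", BASELINE_ARP), ("spoofed", SPOOFED_ARP)):
        found = check_gateway(parse_arp_table(snapshot), gw, trusted)
        print(label, "->", found or "no MITM symptom")
```

On a real host the trusted MAC would be recorded once on a network you control, and the check repeated on each reconnect; a changed gateway MAC is a reason to stop using the connection until it is explained, which is the same "shut down the data stream" reaction the interview describes, done in software at the client.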

What’s at risk here?
Identities can be stolen, as can money. Business operations can be disrupted. Everything is at risk.

Now, if you’re an individual and your credit card is stolen, you’re protected by law, but if you’re a business and someone gets your credit card you don’t have those same protections. Even a small breach can be enough to put a small company out of business.

Which business sectors should be most concerned about these attacks, and why?
I suppose the biggest threat is to the retail sector, but truly anyone who does any kind of business online is at risk.

How can an organization mitigate its exposure to MITM?
Our hardware solution Data Stream Protector is the only one of its kind that detects MITM attacks and shuts down the data stream. In the case of a situation where the data stream can’t be shut down for business purposes, the hardware will identify what’s going on and alert the parties involved. Its second line of defense relies on an encryption algorithm and a pairing of public and private keys that can be changed as often as needed, which is as secure as it can possibly be. However, we are not a standalone solution that can save everybody in every situation. Our device should be part of a bigger security strategy that protects all of the data behind the firewall. At the end of the day we all want to win this war, and we need to use everything at our disposal to do so.

In summary…
Our concern about the MITM issue is precisely what Norm points out—the ease with which someone can acquire affordable devices such as Pineapple which allow any novice attacker to masquerade as free wi-fi (at Starbucks, for instance) while stealing all the unsuspecting user’s sensitive credentials as they log in to their bank or their employer’s networks. It’s an unfortunate sign of things to come, and one that will certainly require preventive solutions.
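A rogue access point of the kind described above copies the name (SSID) of a network the victim trusts, but it cannot easily copy the genuine access point's hardware address (BSSID), and a clone built to harvest logins is often open where the real network is encrypted. The script below is an added example of checking a Wi-Fi scan against a profile of known networks; it is not from the article or from Data Stream Protector. The scan entries, the known-network profile and the tuple field layout are constructed for this example and are not any tool's output format.

```python
"""Spotting a rogue access point that impersonates a known Wi-Fi network.

Added example, not from the article or from Data Stream Protector.  Two
checks: an entry advertising a known SSID with the wrong security type, and
an entry advertising a known SSID from a BSSID that was never seen on a
trusted session.  The scan results and the "known networks" profile below
are constructed sample data; the tuple layout is this example's own.
"""
from collections import defaultdict

# Constructed: profile of networks a laptop is allowed to join, as recorded
# from a trusted session (SSID -> expected encryption and the APs' BSSIDs).
KNOWN_NETWORKS = {
    "CoffeeShop-Guest": {"security": "WPA2", "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}},
    "Corp-Wifi": {"security": "WPA2", "bssids": {"de:ad:be:ef:00:10"}},
}

# Constructed: one scan, each entry being (ssid, bssid, security, signal_dbm).
SCAN = [
    ("CoffeeShop-Guest", "aa:bb:cc:00:00:01", "WPA2", -55),
    ("CoffeeShop-Guest", "02:11:22:33:44:55", "OPEN", -40),   # clone: open, unknown BSSID, louder
    ("Corp-Wifi", "de:ad:be:ef:00:10", "WPA2", -60),
    ("Corp-Wifi", "de:ad:be:ef:99:99", "WPA2", -45),          # unknown BSSID claiming the corporate SSID
    ("RandomNeighbour", "66:77:88:99:aa:bb", "WPA2", -80),
]

def find_rogue_aps(scan, known):
    """Return one alert per scan entry that impersonates a known SSID."""
    alerts = []
    for ssid, bssid, security, signal in scan:
        profile = known.get(ssid)
        if profile is None:
            continue  # not a network we care about
        bssid = bssid.lower()
        if security != profile["security"]:
            alerts.append(f"{ssid} from {bssid} is {security}, expected {profile['security']}")
        elif bssid not in profile["bssids"]:
            alerts.append(f"{ssid} from unknown BSSID {bssid} ({signal} dBm)")
    return alerts

def ssids_with_mixed_security(scan):
    """SSIDs advertised both secured and open in one scan; needs no profile."""
    seen = defaultdict(set)
    for ssid, _bssid, security, _signal in scan:
        seen[ssid].add(security)
    return sorted(ssid for ssid, secs in seen.items() if "OPEN" in secs and len(secs) > 1)

if __name__ == "__main__":
    for alert in find_rogue_aps(SCAN, KNOWN_NETWORKS):
        print("ALERT:", alert)
    print("mixed-security SSIDs:", ssids_with_mixed_security(SCAN))
```

The second function is the cheaper check for a laptop with no stored profile: a name that is broadcast both encrypted and open in the same scan is exactly what the free-wi-fi masquerade looks like from the victim's side. In practice the scan would come from the operating system's Wi-Fi tooling (for instance `nmcli device wifi list` on a Linux desktop), and the known-BSSID set would be maintained per location by whoever administers the network.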