(also MITM, MITM attack, adversary-in-the-middle, machine-in-the-middle, meddler-in-the-middle, person-in-the-middle)
A man-in-the-middle-attack (MITM) is a cyberattack where a hacker inserts themself into a conversation between two parties — the user and the entity the user is trying to communicate with. The malicious player becomes the “man in the middle” and may intercept communications to eavesdrop, impersonate, or steal sensitive information.
Real man-in-the-middle attack examples
- 2011: Hackers obtained 500 website certificates from DigiNotar, using them to disguise malicious pages as legitimate sites and trick users into entering sensitive information.
- 2017: Cybercriminals were able to intercept data from the users of the Equifax app, which left a backdoor open due to the faulty application of the HTTPS protocol.
Common types of MITM attacks
- IP spoofing. When an IP address is spoofed, it looks like the traffic is coming from a legitimate website.
- HTTPS spoofing. The attacker tricks a browser into believing it’s visiting a trusted HTTPS website while it’s redirected to an unsecured website.
- DNS spoofing. This attack involves replacing DNS records to redirect online traffic to a malicious or fraudulent website. The attacker can then capture the user’s login credentials.
- SSL hijacking. The attacker uses another device to intercept the information passing between the server and the victim’s computer.
- Email hijacking. The attacker gains control of the target’s email account and manipulates it for financial gain (e.g., emailing the victim’s employer with “new bank details”).
- Stealing browser cookies. When attackers hijack browser cookies, they can access the user’s login details and other sensitive information.
- Wi-Fi eavesdropping. This MITM attack involves setting up fake Wi-Fi hotspots with legitimate-sounding names. When the victim connects to the fraudster’s Wi-Fi, the attacker can monitor their activity, gain access to login credentials, and more.