Читать книгу Cybersecurity For Dummies - Joseph Steinberg - Страница 51

One special type of interception is known as a man-in-the-middle attack. In this type of an attack, the interceptor proxies the data between the sender and recipient in an attempt to disguise the fact that the data is being intercepted. Proxying in such a case refers to the man-in-the-middle intercepting requests and then transmitting them (either in modified form or unmodified) to their original intended destinations and then receiving the responses from those destination and transmitting them (in modified form or unmodified) back to the sender. By employing proxying, the man-in-the-middle makes it difficult for senders to know that their communications are being intercepted because when they communicate with a server, they receive the responses they expect.

For example, a criminal may set up a bogus bank site (see the earlier “Phishing” section) and relay any information that anyone enters on the bogus site to the actual bank site so that the criminal can respond with the same information that the legitimate bank would have sent. Proxying of this sort not only helps criminals avoid detection — users who provide the crook with their password and then perform their normal online banking tasks may have no idea that anything abnormal occurred during the online banking session — but also helps the criminals ensure that they capture the right password. If a user enters an incorrect password, the criminal will know to prompt for the correct one.

Figure 2-2 shows the anatomy of a man-in-the-middle intercepting and relaying communications.

FIGURE 2-2: A man-in-the-middle interception.