(Image: an attacker intercepting data passing between two other devices.)

Man-in-the-middle attack

This article explains a method used in cyberattacks called the man-in-the-middle (MITM) attack. An attacker inserts themselves into a conversation between two parties without the knowledge of either. A simple example is an attacker who has quietly joined a chatroom and reads the messages the other participants exchange; a stronger form has the attacker impersonate one party to the other, so that the victim hands over information they would not otherwise willingly give.

Scenarios

Example

  1. The attacker runs a packet sniffer on a network segment they control or share with the victim and looks for traffic that is sent without encryption.
  2. When the victim logs in to a site over such a connection, the attacker captures the login details and redirects the victim to a fake site that mimics the real one.
  3. The fake site collects whatever the victim enters, and the attacker replays it against the real site to access the victim's account.

In this scenario the attacker intercepts a data transfer between a client and a server. By making the client believe it is still talking to the server, and the server believe it is still receiving data from the client, the attacker can read traffic in both directions and inject false data into any later exchange.
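What the sniffer in step 1 actually sees, and why the redirect in step 2 works so well against plaintext logins, is easiest to show on a capture. The following is an added example, not code from the original article: it parses a constructed plaintext HTTP login exchange the way a passive sniffer would and reports the credentials sent in the clear, plus session cookies that lack the Secure and HttpOnly flags. The host name, field names and cookie values are invented for the illustration.

```python
"""Added example (not from the original article): what a passive sniffer
sees when a login happens over plaintext HTTP, and which cookie flags would
limit the damage. The capture below is constructed for illustration."""
from urllib.parse import parse_qs

# Constructed capture: one plaintext login request and the server's reply,
# as a sniffer on the same network segment would reassemble them.
CAPTURE = [
    "POST /login HTTP/1.1\r\n"
    "Host: shop.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 31\r\n"
    "\r\n"
    "username=alice&password=hunter2",
    "HTTP/1.1 302 Found\r\n"
    "Location: /account\r\n"
    "Set-Cookie: sessionid=8f3a9c; Path=/\r\n"
    "Set-Cookie: csrftoken=1234; Path=/; Secure; HttpOnly\r\n"
    "\r\n",
]

# Form field names that usually carry secrets (hypothetical list, not exhaustive).
CREDENTIAL_FIELDS = {"password", "passwd", "pwd", "pass", "token", "otp"}


def parse_http_message(raw):
    """Split a raw HTTP/1.1 message into start line, header list and body.
    Headers are kept as a list because Set-Cookie legitimately repeats."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def header_values(headers, name):
    return [value for key, value in headers if key == name]


def find_exposures(capture):
    """Report credentials sent in the clear and session cookies that lack
    the flags which keep them off plaintext HTTP (Secure) and away from
    page scripts (HttpOnly)."""
    findings = []
    for raw in capture:
        start, headers, body = parse_http_message(raw)
        if start.startswith("HTTP/"):
            # Response: inspect every Set-Cookie header.
            for cookie in header_values(headers, "set-cookie"):
                parts = [p.strip() for p in cookie.split(";")]
                name = parts[0].split("=", 1)[0]
                flags = {p.split("=", 1)[0].lower() for p in parts[1:]}
                missing = [f for f in ("secure", "httponly") if f not in flags]
                if missing:
                    findings.append(f"cookie '{name}' set without {'/'.join(missing)}")
        else:
            # Request: look for secret-looking form fields in the body.
            method, target = start.split()[:2]
            ctype = header_values(headers, "content-type")
            if ctype and ctype[0].startswith("application/x-www-form-urlencoded"):
                for field in parse_qs(body):
                    if field.lower() in CREDENTIAL_FIELDS:
                        findings.append(f"plaintext credential field '{field}' in {method} {target}")
    return findings


if __name__ == "__main__":
    for finding in find_exposures(CAPTURE):
        print(finding)
```

The Secure flag keeps a cookie off plaintext HTTP and HttpOnly keeps it away from page scripts, which limits what a sniffer or a hijacked page can take. Neither helps once the victim has been steered onto the attacker's look-alike site; only a TLS connection whose certificate the client actually verifies prevents that step.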

Types of MITM attacks

Email hijacking: the attacker gains access to a user's email account and watches the messages passing through it. When the moment is right, for example while the user is arranging a payment with another party, the attacker steps in and, by spoofing one or more participants in the thread, tries to redirect the funds.

Wi-Fi eavesdropping: the attacker sets up a Wi-Fi access point, typically with an innocuous name that looks like a legitimate public hotspot. Victims who connect route all of their traffic through the attacker's hardware, which can then record or tamper with it. Although reading the traffic is passive, the attacker is actively on the path from the moment the victim connects.

Session hijacking: the attacker takes over an authenticated web session by obtaining the session identifier, for example a stolen session key or session cookie, and presenting it to the server as if they were the legitimate user.

DNS spoofing: the attacker supplies a false answer for a website's name, either by altering its address record on a DNS (Domain Name System) server or by injecting a forged response into a resolver's cache. The victim's browser connects to the attacker's server while displaying the legitimate name, and the fake site attempts to steal their information.

IP spoofing: similar in effect to DNS spoofing, IP spoofing diverts traffic to a fraudulent destination. Instead of falsifying the name-to-address record, the attacker forges the source IP (Internet Protocol) address on packets so that they appear to come from a trusted host.
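The DNS spoofing entry above describes forged responses; the check that makes blind forgery hard is simple and worth seeing. The following is an added example, not code from the original article: a minimal DNS message builder and parser, with a resolver-side check that accepts a reply only if its transaction ID, arrival port and question section match a query actually in flight. All packets are constructed in the code; the names, transaction ID and port are invented, and the addresses are from the documentation ranges.

```python
"""Added example (not from the original article): the resolver-side check
that defeats blind DNS response forgery. A reply is accepted only if it
matches a query we actually sent on transaction ID, source port and
question. All packets are constructed here; no network is used."""
import struct


def encode_name(name):
    """Encode 'www.example.com' as DNS labels: \\x03www\\x07example\\x03com\\x00."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(packet, offset):
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            return ".".join(labels) + ".", offset + 1
        if length & 0xC0:
            raise ValueError("compression pointers are not handled in this example")
        offset += 1
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length


def build_message(txid, qname, response=False, answer_ip=None):
    """Build a minimal A query, or an A response carrying one answer."""
    flags = 0x8180 if response else 0x0100           # QR+RD+RA for a reply, RD only for a query
    ancount = 1 if answer_ip else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)   # type A, class IN
    answer = b""
    if answer_ip:
        rdata = bytes(int(octet) for octet in answer_ip.split("."))
        answer = encode_name(qname) + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return header + question + answer


def parse_message(packet):
    txid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", packet[:12])
    qname, offset = decode_name(packet, 12)
    qtype, _ = struct.unpack("!HH", packet[offset:offset + 4])
    offset += 4
    answers = []
    for _ in range(ancount):
        _, offset = decode_name(packet, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        rdata = packet[offset + 10:offset + 10 + rdlen]
        offset += 10 + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(".".join(str(b) for b in rdata))
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "qname": qname.lower(), "qtype": qtype, "answers": answers}


def validate_response(outstanding, arrival_port, packet):
    """outstanding maps (txid, our source port) -> (qname, qtype) for queries
    in flight. Anything that does not match exactly is dropped."""
    msg = parse_message(packet)
    if not msg["is_response"]:
        return False, "not a response"
    expected = outstanding.get((msg["txid"], arrival_port))
    if expected is None:
        return False, "no query in flight with this transaction ID and port"
    if (msg["qname"], msg["qtype"]) != expected:
        return False, "question section does not match the query we sent"
    return True, msg["answers"]


def demo():
    """Constructed scenario: one genuine reply, then two forgeries from an
    off-path attacker who has to guess the transaction ID and port."""
    outstanding = {(0x1A2B, 53211): ("www.example.com.", 1)}
    genuine = build_message(0x1A2B, "www.example.com", response=True, answer_ip="192.0.2.10")
    wrong_id = build_message(0x1A2C, "www.example.com", response=True, answer_ip="198.51.100.7")
    wrong_q = build_message(0x1A2B, "login.example.com", response=True, answer_ip="198.51.100.7")
    return [validate_response(outstanding, 53211, p) for p in (genuine, wrong_id, wrong_q)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

With a random 16-bit transaction ID and a random source port the attacker has roughly 2^32 combinations to guess before the genuine reply arrives, which is why resolvers randomize both. The check says nothing about an attacker who is already on the path and sees the query: they can forge a reply that matches perfectly, and only a signed (DNSSEC) or encrypted (DoT/DoH) answer defeats that case.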

Prevention and detection

(Image: the process of authenticating the SSL/TLS certificates that websites use to prove their identity.)

(Image: Wireshark, an open-source packet analyzer used for network troubleshooting, analysis, and software and communications protocol development.)

A MITM attack can be prevented in many situations, but not all of them, so it is important to have several controls in place so that an attack can be both blocked and recognized. One common practice is a design in which client and server exchange certificates that have been signed by a trusted third party, a certificate authority (CA); each side checks the other's certificate against the CA it trusts. The certificates are then used for mutual authentication, in which the two parties verify each other before any data is transmitted, so an attacker without a valid certificate cannot impersonate either side. If prevention fails, one way to detect an attack is some form of tamper detection. A monitoring system that tracks the latency of communications is one option: if responses consistently take longer than usual, it may mean that something else on the path is also receiving and forwarding the data. Latency is a noisy signal, though; it should be compared against a baseline, and only a sustained change should be treated as suspicious.
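The latency check described above is only useful if it ignores ordinary jitter. The following is an added example, not code from the original article, of one way to implement it: a robust baseline (median and median absolute deviation) taken while the path is known to be clean, and an alert only when the median of a sliding window of recent round-trip times exceeds the baseline by a margin. The millisecond values, window size and multiplier are constructed for the illustration.

```python
"""Added example (not from the original article) of the latency-based tamper
detection described above: compare recent response times against a robust
baseline and alert only on a sustained shift, so one slow reply is not an
alarm. Sample values are constructed milliseconds."""
from statistics import median

# Constructed baseline RTTs (ms) measured while the path was known to be clean.
BASELINE = [20, 21, 19, 22, 20, 21, 20, 23, 19, 20]
# Constructed live streams: a single congestion spike, and an extra hop inserted on the path.
SPIKE_ONLY = [20, 21, 95, 20, 22, 21, 20]
INTERPOSED = [20, 21, 36, 35, 37, 34, 36, 35]


def robust_baseline(samples, mad_floor=0.5):
    """Median and median absolute deviation (MAD); both resist outliers
    far better than mean and standard deviation on RTT data."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    return med, max(mad, mad_floor)   # floor: a very flat baseline must not alert on tiny jitter


def detect_shift(baseline, stream, window=5, k=6.0):
    """Return the index in `stream` at which the median of the last `window`
    samples first exceeds baseline median + k*MAD, or -1 if it never does.
    Using the window median means a lone spike cannot trigger the alert."""
    med, mad = robust_baseline(baseline)
    threshold = med + k * mad
    for i in range(window - 1, len(stream)):
        if median(stream[i - window + 1:i + 1]) > threshold:
            return i
    return -1


if __name__ == "__main__":
    print("baseline median/MAD:", robust_baseline(BASELINE))
    print("spike only  ->", detect_shift(BASELINE, SPIKE_ONLY))
    print("interposed  ->", detect_shift(BASELINE, INTERPOSED))
```

On the constructed data the single 95 ms spike is never flagged, while the stream with a consistent extra 15 ms is flagged as soon as a full window of shifted samples is available. An attacker on a fast link may add far less than 15 ms, so this is a supporting signal for investigation, not a substitute for authenticating the channel.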

Packet analyzers, or packet sniffers, are a form of monitoring and can be used when someone believes an attack has taken place. Network managers and technicians use them to diagnose problems in their networks, so a packet sniffer is essentially a tool that captures and analyzes the packets flowing through a particular network segment. The same kind of capture that lets an attacker read traffic lets a defender spot unexpected hosts, forged responses, or certificates that do not match the expected server.

Real-life instances

There has always been someone willing to steal information. As computers, networks, and the internet have become more prevalent in society, many people have learned how to manipulate these systems. Over the last few decades there have been many MITM attacks; the following involve well-known organizations and were publicly identified.

NSA's impersonation of Google

One example was when the NSA reportedly disguised itself as Google in order to obtain information. A Brazilian news outlet obtained a document from the leaks by Edward Snowden, who is well known for disclosing classified United States government material, and reported on the attack. It was not apparent whether the NSA or the United Kingdom's Government Communications Headquarters (GCHQ) carried it out, but the reports suggested that the agency presented a forged security certificate in order to appear to be Google, routed users' traffic through its own systems, and relayed the same traffic on to its real destination so that nobody would notice the exchange in the middle.

Superfish malware

(Image: Lenovo and Superfish logos.)

This incident involved software called Superfish that altered search results in order to inject advertisements relevant to the user. To do this on HTTPS pages it installed its own root certificate in the system trust store and intercepted encrypted connections, acting as a man in the middle on the user's own machine. Because the same private key was shipped on every installation, anyone who extracted it could forge certificates that those machines would trust, exposing users' transactions, messages, and passwords to outside attackers. Lenovo, a major technology company, had shipped many devices with this software pre-installed and had to release a Superfish removal tool. The US Department of Homeland Security's US-CERT also issued an alert about the software following the incident.

Comcast

Assignment 6

1. Provide the title of your article.

2. What are the key ideas?

3. What are the main problems addressed or identified?

4. Why was your chosen topic worth undertaking?

5. What are the technological standpoints?

6. What are the ethical standpoints?

7. What are the societal standpoints?

8. Which audience is influenced by the article?


1. Man-in-the-Middle Attack

2. The idea of this article was to explain a type of cybersecurity breach that is best compared to eavesdropping, but with computers, servers, or private connections.

3. The main problem identified in this article is how this can be used on anybody who does not have the proper tools to stop an attack like this. Especially if you are a person of interest or have information that may be valuable to others, you may never know that someone was watching you.

4. I thought this article was worth taking on because I am sure it is an underappreciated type of security breach. Most people think that someone can just steal anything they want if they know what they are doing, but just listening in on someone's conversation, acting as if you are someone else, or disguising your own website as another could be just as effective a way to get what you want as any other, especially if you can't use brute force to get yourself into a network.

5-7. This entire concept shows how the current and future state of technology will change how we think. A lot of information can simply be obtained over the internet or networks in general. Someone can get away with this while maintaining anonymity and never personally interacting with anyone. Now that computers are used more often, some people may have their whole life on their computers, and I think security is a good thing for anyone to look into.

8. This may not be entertaining for most, but network or security people would probably appreciate an article like this. However, if someone is just interested in computers, it may be an article they would want to look over.

Assignment 7

One of the first contributions I wanted to add to this article would include some research on more of the notable instances included in this article. There are many different situations in which a man-in-the-middle attack was used in real-world instances, but a couple of them do not have any details included. One example was when the NSA supposedly disguised itself as Google in order to obtain information. A Brazilian news agency obtained a particular document which was part of a leak from Edward Snowden, which many people have heard of, at least in this day and age. It is not apparent whether the NSA or the Government Communications Headquarters carried this attack out, but it is speculated that they most likely obtained a fake security certificate to look like they are part of Google and rerouted information to themselves, then relayed that same information back to its destination so that nobody would notice the middleman exchange.

There was another incident mentioned in the article about a company and software called Superfish. There is not much of a description of what happened, so I believe adding a description could be helpful. This software was used in order to alter search results and to show different ads that are relevant to you. However, it was eventually discovered that it could leave your computer open to attackers, who could possibly see all of your transactions, messages, and/or passwords. Lenovo, a popular technology company, had produced many devices with this software pre-installed and had to release a Superfish removal tool. Also, the US Department of Homeland Security had put out a warning about this specific software following this incident.

Moyer, E. (2013, September 12). NSA disguised itself as Google to spy, say reports. CNET. Retrieved March 17, 2021, from https://www.cnet.com/news/nsa-disguised-itself-as-google-to-spy-say-reports/

Harkinson, J. (2013, September 12). What, you thought Google was safe for private searching? Mother Jones. Retrieved March 17, 2021, from https://www.motherjones.com/politics/2013/09/flying-pig-nsa-impersonates-google/

Rosenblatt, S. (2015, February 20). Lenovo's Superfish security snafu blows up in its face. CNET. Retrieved March 17, 2021, from https://www.cnet.com/news/superfish-torments-lenovo-owners-with-more-than-adware/

United States Computer Emergency Readiness Team. (2015, February 20). Alert: Lenovo "Superfish" adware vulnerable to HTTPS spoofing. Retrieved February 20, 2015.

Assignment 8: Peer Review of Tictactrac's Article

The article that was chosen was the Combat Veteran Motorcycle Association (CVMA). When I first saw Tictactrac's chosen article, I noticed that it was probably a great article to learn how to contribute with. It is a fairly small article that most likely could be improved upon or could still have much more information added to it with the right amount of research. It may be more difficult to find information, considering it seems to consist of small, inclusive groups throughout the country, but the article could add some of the charity events that they have participated in, or where this organization tends to hold its meetings. They could possibly just be a group of men and women that meet up at any location they feel like at the moment. There is a link to the website that describes some more information, but I think it would be better to also have it on the wiki. They could also add some more pictures, including one of the president of the group if there is one online. There could be a link to their online store, to help with convenience also. These are just some of the few things I could think of that would make for a more detailed article.

Assignment 9: Responding to Nick Baratta's Criticism

Overall I did appreciate the advice, and it definitely gave me some insight on things I could change. I am not the best writer, and when it comes to summaries I tend to let them drag on and do not know where to stop. This time I chose to make it a little bit shorter and try to explain the different key points in the article, while also paying attention to length. However, I was not clear when I would move into another key point and should have had a better transition. I may have cut out a little too much information this time too. Also, for assignment 6 I could have had a better explanation on the societal, ethical, and technological standpoint questions. At the time I honestly had trouble giving a clear separate example for all of them since the one pretty much fit into every category. Lastly, I believe providing a brief history section in the beginning of the article could be beneficial. Adding the history of where these types of attacks were first found or started could give the reader a better picture. Hopefully I can take some of these criticisms into my future writing as well.