Home Archive RSS/XML Subscribe Shop

[ISN] How a Classic Man-in-the-Middle Attack Saved Colombian Hostages

From: InfoSec News <alerts_at_infosecnews.org>
Date: Thu 10 Jul 2008 - 03:26:58 CDT
http://www.wired.com/politics/security/commentary/securitymatters/2008/07/securitymatters_0710

By Bruce Schneier
Security Matters
Wired.com
July 9, 2008

Last week's dramatic rescue of 15 hostages held by the guerrilla 
organization FARC was the result of months of intricate deception on the 
part of the Colombian government. At the center was a classic 
man-in-the-middle attack.

In a man-in-the-middle attack, the attacker inserts himself between two 
communicating parties. Both believe they're talking to each other, and 
the attacker can delete or modify the communications at will. The Wall 
Street Journal reported how this gambit played out in Colombia. The plan 
had a chance of working because, for months, in an operation one army 
officer likened to a "broken telephone," military intelligence had been 
able to convince Ms. Betancourt's captor, Gerardo Aguilar, a guerrilla 
known as "Cesar," that he was communicating with his top bosses in the 
guerrillas' seven-man secretariat. Army intelligence convinced top 
guerrilla leaders that they were talking to Cesar. In reality, both were 
talking to army intelligence.

   This ploy worked because Cesar and his guerrilla bosses didn't know 
   each other well. They didn't recognize each others' voices, and 
   didn't have a friendship or shared history that could have tipped 
   them off about the ruse. Man-in-the-middle is defeated by context, 
   and the FARC guerillas didn't have any.

And that's why man-in-the-middle, abbreviated MITM in the computer 
security community, is such a problem online: Internet communication is 
often stripped of any context. There's no way to recognize someone's 
face. There's no way to recognize someone's voice. When you receive an 
e-mail purporting to come from a person or organization, you have no 
idea who actually sent it. When you visit a website, you have no idea if 
you're really visiting that website. We all like to pretend that we know 
who we're communicating with -- and for the most part, of course, there 
isn't any attacker inserting himself into our communications -- but in 
reality, we don't. And there are lots of hacker tools that exploit this 
unjustified trust, and implement MITM attacks.

[...]
Received on Thu Jul 10 03:26:58 2008
Google
 
Web www.infosecnews.org
© Copyright 2007 InfoSec News
Home Archive RSS/XML Subscribe Shop Privacy