Thursday, March 28, 2013

Man-in-the-Middle Hack/Attack

The man-in-the-middle attack (MITM) or Janus attack is a form of active eavesdropping in which the
attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. It was designed to defeat public key cryptography first introduced to the internet as Pretty Good Privacy (PGP).
PGP can be used to send messages confidentially. For this, PGP combines symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also called a session key. The session key is protected by encrypting it with the receiver's public key, therefore ensuring that only the receiver can decrypt the session key. The encrypted message and encrypted session key are sent to the receiver.
Early PGP software was pretty good until MIT bought the license, worked the software under a program funded by the National Security Agency and sold it to the public with a back door. A back door in cryptospeak is an engineered solution in the algorithm that will allow a third party to crack the cypher and thus, read your mail. The FBI and other federal law enforcement jumped on this MITM solution in the mid-1990's. Possibly as early as 1995 according to EPIC (see link below). 

This is now news because the FBI's use of Stingray, which facilitates a government-initiated MITM attack, is going to court. (EPIC Lawsuit) In the case, which you can read for yourself at the Electronic Privacy Information Center's website. 

The technology took quite a bit longer to reach Mexico, though it has been in use for at least the past three years. It will never be illegal for the government to use in Mexico, but explains why nobody is talking on cell phones.

No comments:

Post a Comment