Man in the Middle Attacks

How hackers can steal the messages you send over the internet, and how to tell if your communications are secure.

If you’ve tried some of the codes we explored in past issues, you’ll know how good they are at keeping messages secret until they reach the intended recipient. As long as both you and your friend have the key that decrypts the code, your message can fall into anyone’s hands and they’ll have no idea what it says. This keeps the contents secure until it reaches the intended recipient.

While making codes to share with your friends may seem dated or ‘novel’, it’s still used to this very day. In fact, if you’ve ever used the internet, there’s a very high chance you’ve already engaged in encryption; you just never performed it yourself!

When you send and receive data from the internet, you do so using ‘packets’. These are little bundles of data that carry things to and from your computer. From giving a website your login information to getting streamed video data from YouTube, you’re constantly sending and receiving data via these packets when you use the internet.

Just like sending a message to someone else in the real world, sending packets over the internet has its privacy issues. There’s a kind of attack called the ‘man in the middle’ attack, where a nasty hacker reads packets going over a network and extracts data from them. If someone is sending their username and password over an unencrypted packet, the hacker will have all of their login details without the victim even realising!

Thankfully, we have ways to stop ‘man in the middle’ attacks from happening. One way to achieve this is to encrypt the packets being sent between two computers. Thankfully, you don’t need to lift a finger; there’s a good chance all the sites you’ve visited before have done this for you!

Have you ever noticed that some websites you visit start with “http://” and others start with “https://”? The ‘HTTP’ stands for HyperText Transfer Protocol, and the additional ‘S’ stands for Secure. Regular HTTP is used when the site isn’t handling important information, but the moment sensitive data comes into play (like your login details!), the connection becomes secure to protect your data. If you’ve paid close attention, you’ll notice that ‘https’ appears when you visit a site where you have to enter sensitive information; this is the additional ‘secure’ layer kicking into action.

Unlike regular HTTP, HTTPS uses an encrypted connection. This works very similarly to the messages you send your friends! Your computer and the receiving computer agree on a secret encryption code to work under. Then, they start sending each other packets using this encryption. If a hacker manages to ‘catch’ a packet, all they’ll see when they open it up is encrypted data, much like how anyone who reads your secret messages would see only gibberish.

People who want to secure their sites with HTTPS must first buy a special certificate called an SSL (secure sockets layer) certificate. This certificate verifies that the website is who they claim to be, and isn’t trying to trick people. Once a website has this special certificate, they can use HTTPS as long as that certificate is valid.

If you want to avoid ‘man in the middle’ attacks, it’s a good idea to only enter your personal details on sites that use HTTPS. It’s very easy to check; just take a look at your address bar for ‘https’ at the start, and a little padlock icon to the left. Likewise, if something went wrong with the HTTPS service (for example, their certificate is out of date), the browser will display an error saying the site isn’t as secure as it’s claiming, and that your details are at risk.

Learn More

The Difference between HTTP and HTTPS

https://www.globalsign.com/en/blog/the-difference-between-http-and-https/

Should I Buy from This Site? How to Know if a Website is Secure

https://www.digicert.com/blog/buy-site-know-website-secure/

What is an SSL certificate?

https://us.norton.com/internetsecurity-how-to-ssl-certificates-what-consumers-need-to-know.html

Defend against Man in the Middle Attacks

https://www.networkworld.com/article/2180467/wireless/mit-researchers-craft-defense-against-wireless-man-in-middle-attacks.html

Author

  • Simon Batt

    Simon Batt is a UK-based tech enthusiast and all-around geek. His favourite things are cups of tea, cats, and new gadgets, even though they never mix well.

Also In The February 2019 Issue

The craft world and the tech world collide in this fun, hands-on activity.

For twenty three years, since 1996, cars have used computers to control different parts of the car.

Synchronizing games with players from all around the world is no easy task.

A simple thought experiment sheds light on the dangers of AI. Can we stop the earth being buried in paperclips?

‘Files’ may be easy concepts for humans, but not for computers. What’s going on inside your operating system?

Two ways to play Minecraft with an overarching storyline. Experience the game like never before!

Helping kids fall in love with coding through Minecraft mods and Raspberry Pis.

A better, smoother way to direct your theatrical masterpiece.

How hackers can steal the messages you send over the internet, and how to tell if your communications are secure.

It’s not as simple as it seems. Can you solve this classic programming problem?

Ever wondered what happens when you connect to a website? Time to dive into the secrets of networking!

Links from the bottom of all the February 2019 articles, collected in one place for you to print, share, or bookmark.

Interesting stories about science and technology for February 2019.

Interested but not ready to subscribe? Sign-up for our free monthly email newsletter with curated site content and a new issue email announcement that we send every two months.

No, thanks!