Man in the Middle Attacks
Image by Ralf Steinberger on Flickr
How hackers can steal the messages you send over the internet, and how to tell if your communications are secure.
If you’ve tried some of the codes we explored in past issues, you’ll know how good they are at keeping messages secret. As long as both you and your friend have the key that decrypts the code, your message can fall into anyone’s hands and they’ll have no idea what it says. This keeps the contents secure until they reach the intended recipient.
While making codes to share with your friends may seem dated or ‘novel’, encryption is still used to this very day. In fact, if you’ve ever used the internet, there’s a very high chance you’ve already used encryption; you just never performed it yourself!
When you send and receive data from the internet, you do so using ‘packets’. These are little bundles of data that carry things to and from your computer. From giving a website your login information to getting streamed video data from YouTube, you’re constantly sending and receiving data via these packets when you use the internet.
Just like sending a message to someone else in the real world, sending packets over the internet has its privacy issues. There’s a kind of attack called the ‘man in the middle’ attack, where a nasty hacker reads packets going over a network and extracts data from them. If someone sends their username and password in an unencrypted packet, the hacker will have all of their login details without the victim even realising!
Thankfully, we have ways to stop ‘man in the middle’ attacks from happening. One way to achieve this is to encrypt the packets being sent between two computers. Even better, you don’t need to lift a finger; there’s a good chance all the sites you’ve visited before have done this for you!
Have you ever noticed that some websites you visit start with “http://” and others start with “https://”? The ‘HTTP’ stands for HyperText Transfer Protocol, and the additional ‘S’ stands for Secure. Regular HTTP is used when the site isn’t handling important information, but the moment sensitive data comes into play (like your login details!), the connection becomes secure to protect your data. If you’ve paid close attention, you’ll notice that ‘https’ appears when you visit a site where you have to enter sensitive information; this is the additional ‘secure’ layer kicking into action.
Unlike regular HTTP, HTTPS uses an encrypted connection. This works very similarly to the messages you send your friends! Your computer and the receiving computer agree on a secret encryption code to work under. Then, they start sending each other packets using this encryption. If a hacker manages to ‘catch’ a packet, all they’ll see when they open it up is encrypted data, much like how anyone who reads your secret messages would see only gibberish.
People who want to secure their sites with HTTPS must first buy a special certificate called an SSL (secure sockets layer) certificate. This certificate verifies that the website is who it claims to be, and isn’t trying to trick people. Once a website has this special certificate, it can use HTTPS as long as that certificate is valid.
If you want to avoid ‘man in the middle’ attacks, it’s a good idea to only enter your personal details on sites that use HTTPS. It’s very easy to check; just take a look at your address bar for ‘https’ at the start, and a little padlock icon to the left. Likewise, if something goes wrong with the HTTPS service (for example, the site’s certificate is out of date), the browser will display an error saying the site isn’t as secure as it’s claiming, and that your details are at risk.
Learn More
The Difference between HTTP and HTTPS
https://www.globalsign.com/en/blog/the-difference-between-http-and-https/
Should I Buy from This Site? How to Know if a Website is Secure
https://www.digicert.com/blog/buy-site-know-website-secure/
What is an SSL certificate?
https://us.norton.com/internetsecurity-how-to-ssl-certificates-what-consumers-need-to-know.html
Defend against Man in the Middle Attacks