
What is a man-in-the-middle attack?

A man-in-the-middle attack, or MITM attack, is difficult to detect and difficult to defend against. MITM attacks usually do not infect the personal computers on a network. Instead, the attacker controls the communication channel between the PCs. For example, a compromised router offering free public Wi-Fi is an ideal position for a man-in-the-middle attack.

Offline man-in-the-middle attack

MITM attacks existed before personal computers. The idea is simple: an attacker inserts himself between two people who are communicating with each other. In effect, it is plain eavesdropping.

Suppose that you are corresponding with someone by regular post: you write letters to each other. Your post office has a dishonest postman, who opens your letter, reads it, seals it back up and then delivers it to the recipient. The recipient, in turn, writes you a response and sends it in an envelope, which the postman again opens, reads and reseals. You cannot even guess that a "man in the middle" stands between you and your correspondent. This kind of attack is invisible to both participants in the correspondence.

This is eavesdropping: someone sits on the communication channel between two parties and reads all the traffic passing through it. That is the essence of a MITM attack. However, intercepting and reading personal correspondence is the smallest of the problems. It is much worse if you send emails containing sensitive information.

An attacker can also change your message while it is in transit. Say you send someone a letter by regular mail. The man in the middle can modify it slightly by adding text of his or her own that brings some benefit, for example a request that the recipient send money. Of course, the handwriting of the added section would differ from the original, so the man in the middle simply rewrites the whole letter word for word, adds whatever seems to fit, and then sends it on to your addressee. As long as the man in the middle remains part of the correspondence, the recipient cannot notice the trick. The recipient sends a return letter with the money; the man in the middle takes the money and rewrites the reply without any mention of the cash. In real life this is a time-consuming process. On the Internet it is much easier, because such tricks can be carried out automatically by special software.

Online man-in-the-middle attack

Online man-in-the-middle attacks work in the same way. Suppose that you connect to a compromised Wi-Fi router in a public place and try to open your bank's website. In the simplest case, you get a warning about an untrusted security certificate. This message is warning you of a MITM attack, but most people treat it as an unimportant error, click through and continue working. So you log in to your personal account on the bank's website to check your balance or transfer money as usual. Everything looks fine and nothing seems suspicious.

In fact, the attacker can set up a fake server that substitutes a copy of the bank's website that is indistinguishable from the original, except that the URL differs in a way the user does not notice. When you log in to your account, your credentials go to the MITM server, which logs in on your behalf, fetches the requested page from the real website and sends you a modified copy. Everything looks fine, but in reality the MITM server continuously relays data back and forth and intercepts the sensitive information. A certificate warning is therefore not a trivial warning: a MITM server will never hold a trusted security certificate for your real bank's website.

When you work with sites over HTTP, an unencrypted protocol (unlike HTTPS), you never get a warning about a MITM attack. That is why web pages that handle sensitive data, such as login pages, online banking, e-shopping and email services, tend to operate over HTTPS.

SFletter.com, a secure email service, uses the HTTPS protocol to provide a high level of security for its users.

However, there is a special tool called "SSLStrip" that downgrades HTTPS to unencrypted HTTP behind your back. In this case, when you visit your bank's website you will not see a certificate warning. You will be redirected to a fake bank website and your credentials will be stolen when you try to log in. The only thing that can be noticed in this situation is that the bank's website is working over HTTP instead of HTTPS, and that is very easy to overlook.

Other MITM attacks are based on software that infects PCs. For example, malware running as a background process on a personal computer can sit between the browser and the MITM servers that remotely control it. Such malicious software should, of course, be caught by good anti-virus software.

Protection against man-in-the-middle attacks

There is no complete, permanent protection against MITM attacks, because they are so complex in nature. Typically they mean that the communication channel, such as a public Wi-Fi router, was compromised in the first place. It is still possible to notice a MITM attack, because a real remote server will almost certainly use HTTPS encryption. You should be very careful when it comes to the security of your personal data.

Here are some tips:

Do not ignore warnings about fake or untrusted security certificates. A warning about an untrusted security certificate indicates a serious problem. If the certificate does not match the server, you are talking either to a phishing site or to a fake server carrying out a MITM attack. It could also mean that the server is misconfigured, which is why many users have grown accustomed to ignoring such warnings. Just do not click the "Continue" button, especially when you are going to an email service or your bank's private area.
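As an added illustration, not part of the original article, here is the hostname check a browser performs before trusting a certificate, which is the check behind the "certificate does not match the server" warning discussed above and in the description of the fake bank server. The certificate dictionaries are constructed sample data in the shape Python's ssl module returns from getpeercert(); they show why a certificate issued for the attacker's own domain cannot pass as the bank's even though the page looks identical:

```python
# Constructed certificate dictionaries in the shape returned by
# ssl.SSLSocket.getpeercert(); they are sample data, not real certificates.
REAL_BANK_CERT = {
    "subject": ((("commonName", "www.bank.example"),),),
    "subjectAltName": (("DNS", "www.bank.example"), ("DNS", "bank.example")),
}
MITM_CERT = {
    "subject": ((("commonName", "free-wifi.example"),),),
    "subjectAltName": (("DNS", "*.free-wifi.example"),),
}
LEGACY_CN_ONLY_CERT = {"subject": ((("commonName", "bank.example"),),)}


def _dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125 style comparison: exact match, or a '*' that is the whole
    leftmost label and covers exactly one label (a common browser rule)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_host(cert: dict, host: str) -> bool:
    """True if the certificate names `host`. Only DNS subjectAltName entries
    count; the commonName is consulted solely when no SAN extension exists
    (modern browsers no longer even do that)."""
    sans = cert.get("subjectAltName", ())
    if sans:
        return any(kind == "DNS" and _dns_name_matches(value, host)
                   for kind, value in sans)
    return any(key == "commonName" and _dns_name_matches(value, host)
               for rdn in cert.get("subject", ()) for key, value in rdn)


if __name__ == "__main__":
    # The real bank's certificate satisfies the browser; the Wi-Fi box's does not.
    for label, cert in (("real", REAL_BANK_CERT), ("mitm", MITM_CERT)):
        print(label, cert_matches_host(cert, "www.bank.example"))
```

In real code let the TLS library do this (ssl.create_default_context() enables check_hostname by default); this function only makes visible what that check does.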

Always check that the connection is over HTTPS. When you connect to a website that handles sensitive data, where you enter your password or credit card details, make sure the site uses HTTPS encryption. Glance at the address bar and confirm that you see HTTPS before logging in, especially on public Wi-Fi networks. There is a browser extension called "EFF HTTPS Everywhere" that can help you a little with this: it forces the browser to use HTTPS on sites that support the protocol.
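The symptom described in this tip and in the SSLStrip section above, the bank's site suddenly working over HTTP, can be checked mechanically. As an added example that is not part of the article, this Python function audits the redirect chain a browser followed (constructed sample data, not captured traffic) for an SSLStrip-style downgrade; it goes slightly beyond the text by also reporting whether the site sent an HSTS header, which tells the browser to use only HTTPS for that site on later visits:

```python
from urllib.parse import urlsplit

# Constructed request/response chains as (url, status, headers) tuples, in the
# order the browser saw them; sample data, not captured traffic.
NORMAL_VISIT = [
    ("http://bank.example/", 301, {"Location": "https://bank.example/"}),
    ("https://bank.example/", 200, {"Content-Type": "text/html",
                                    "Strict-Transport-Security": "max-age=31536000"}),
]
# What an SSLStrip-style downgrade looks like: the plain-HTTP request that should
# have been redirected to HTTPS is answered directly with the login page.
STRIPPED_VISIT = [
    ("http://bank.example/", 200, {"Content-Type": "text/html"}),
]
REDIRECTED_DOWN = [
    ("https://bank.example/", 302, {"Location": "http://bank.example/login"}),
    ("http://bank.example/login", 200, {"Content-Type": "text/html"}),
]


def audit_chain(chain):
    """Return warning codes for a chain that ends on a page where credentials
    would be entered. An empty list means the visit stayed on HTTPS end to end."""
    warnings = []
    saw_hsts = False
    prev_scheme = None
    for i, (url, status, headers) in enumerate(chain):
        scheme = urlsplit(url).scheme.lower()
        lower_headers = {k.lower(): v for k, v in headers.items()}
        # HSTS only counts when delivered over HTTPS; browsers ignore it over HTTP.
        if scheme == "https" and "strict-transport-security" in lower_headers:
            saw_hsts = True
        if i == 0 and scheme == "http" and 200 <= status < 300:
            warnings.append("http-answered-directly")
        if prev_scheme == "https" and scheme == "http":
            warnings.append("https-to-http-redirect")
        prev_scheme = scheme
    final_scheme = urlsplit(chain[-1][0]).scheme.lower()
    if final_scheme != "https":
        warnings.append("final-not-https")
    elif not saw_hsts:
        # Without HSTS the browser will try plain HTTP first on the next visit too.
        warnings.append("no-hsts")
    return warnings


if __name__ == "__main__":
    for name, chain in (("normal", NORMAL_VISIT), ("stripped", STRIPPED_VISIT),
                        ("redirected-down", REDIRECTED_DOWN)):
        print(name, audit_chain(chain))
```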

Use caution on public Wi-Fi networks. Be especially careful when connecting to untrusted public Wi-Fi networks. Avoid online banking and other confidential activities that require a network connection. Be very careful if you see security certificate error messages, and do not visit sites that work with sensitive data without HTTPS encryption.

Use antivirus software. Antivirus software and other basic security measures can protect you from the MITM attacks that rely on installing malware on your PC.

Man-in-the-middle attacks depend on how vulnerable the communication channel is, so do not use an untrusted Internet connection if you want to keep your confidential data safe.