[ISN] How a Classic Man-in-the-Middle Attack Saved Colombian Hostages

From: InfoSec News <alerts_at_private>
Date: Thu, 10 Jul 2008 03:26:58 -0500 (CDT)

By Bruce Schneier
Security Matters
July 9, 2008

Last week's dramatic rescue of 15 hostages held by the guerrilla 
organization FARC was the result of months of intricate deception on the 
part of the Colombian government. At the center was a classic 
man-in-the-middle attack.

In a man-in-the-middle attack, the attacker inserts himself between two 
communicating parties. Both believe they're talking to each other, and 
the attacker can delete or modify the communications at will. The Wall 
Street Journal reported how this gambit played out in Colombia:

   The plan had a chance of working because, for months, in an 
   operation one army officer likened to a "broken telephone," military 
   intelligence had been able to convince Ms. Betancourt's captor, 
   Gerardo Aguilar, a guerrilla known as "Cesar," that he was 
   communicating with his top bosses in the guerrillas' seven-man 
   secretariat. Army intelligence convinced top guerrilla leaders that 
   they were talking to Cesar. In reality, both were talking to army 
   intelligence.

   This ploy worked because Cesar and his guerrilla bosses didn't know 
   each other well. They didn't recognize each other's voices, and 
   didn't have a friendship or shared history that could have tipped 
   them off about the ruse.

Man-in-the-middle is defeated by context, and the FARC guerrillas 
didn't have any.

And that's why man-in-the-middle, abbreviated MITM in the computer 
security community, is such a problem online: Internet communication is 
often stripped of any context. There's no way to recognize someone's 
face. There's no way to recognize someone's voice. When you receive an 
e-mail purporting to come from a person or organization, you have no 
idea who actually sent it. When you visit a website, you have no idea if 
you're really visiting that website. We all like to pretend that we know 
who we're communicating with -- and for the most part, of course, there 
isn't any attacker inserting himself into our communications -- but in 
reality, we don't. And there are lots of hacker tools that exploit this 
unjustified trust, and implement MITM attacks.
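The "broken telephone" above, reduced to code as an added illustration (not part of Schneier's column): a relay sits between Cesar and the secretariat and rewrites what passes through. Without any context the bosses accept whatever arrives under Cesar's name; with a pre-shared key standing in for that missing context, an HMAC tag bound to sender and text exposes the rewrite. The names and the relay's replacement text are constructed for the example.

```python
import hmac
import hashlib


def make_message(sender, text, key=None):
    """Build a message; with a shared key, attach an HMAC tag that binds
    the claimed sender to the exact text."""
    msg = {"from": sender, "text": text}
    if key is not None:
        data = f"{sender}|{text}".encode()
        msg["tag"] = hmac.new(key, data, hashlib.sha256).hexdigest()
    return msg


def accept(msg, key=None):
    """Receiver's check. With no key there is no context: any claimed
    sender is believed. With a key, the tag must verify under the secret
    the two real parties share, so a rewritten text fails."""
    if key is None:
        return True
    data = f"{msg['from']}|{msg['text']}".encode()
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg.get("tag", ""))


def man_in_the_middle(msg):
    """The relay: keeps the claimed sender (and any tag it saw) but
    substitutes its own content. Constructed replacement text."""
    forged = dict(msg)
    forged["text"] = "Move the hostages to the landing zone."
    return forged


def run_exchange(key=None):
    """Cesar reports to the secretariat over a channel the relay controls.
    Returns whether the bosses accept the delivered message as Cesar's."""
    original = make_message("Cesar", "Hostages remain in camp.", key)
    delivered = man_in_the_middle(original)
    return accept(delivered, key)


if __name__ == "__main__":
    print("no context, relay's text accepted:", run_exchange())
    print("shared key, relay's text accepted:", run_exchange(b"shared-secret"))
```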
