Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
Camp BGen Rafael T Crame, Quezon City
ACG-CYBER SECURITY BULLETIN NR 171: Beware of "Man in the Middle Attack"
Reference Number: ACG-CSB 080919171
The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.
A man-in-the-middle attack is a form of cyber security attack in which the attacker secretly relays and possibly alters the communications between two parties who believe they are communicating directly with each other. The attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly with each other over a private connection. In fact, the entire conversation is controlled by the attacker. The attacker is able to intercept all relevant messages passing between the two victims and inject new ones.
The most common way of doing this is through a passive attack, wherein the attacker creates free, malicious Wi-Fi hotspots available to the public. Typically, these Wi-Fi hotspots are named to correspond to their location and are usually not password protected. Once a victim connects to such a hotspot, the attacker gains full visibility into any online data exchange.
Criminals set up fake public Wi-Fi networks that innocent users then log onto and send data over. The criminals have access to all the information that the users send over that network and steal any valuable data. A criminal could also conduct a man-in-the-middle attack by setting up a fake website that pretends to be a legitimate one, after which the attackers steal consumers’ information when they try to access the fake website. Another strategy involves intercepting emails between two parties and creating spoofed emails which entice the victims to provide sensitive data to the attackers.
The goal of such an attack is to steal personal information, such as login credentials, account details and credit card numbers. Targets are typically the users of financial applications, e-commerce sites and other websites where logging in is a requirement.
All PNP personnel as well as the public are advised to follow these tips to avoid a man-in-the-middle attack:
- Do not click on e-mail links.
- Do not open attachments from unknown senders.
- Always check the URL when making online financial transactions. Be sure that you are entering a legitimate, secured site.
- Be sure to change your home Internet password from the default settings set by the Internet Service Provider.
- Avoid using public Wi-Fi on your phone, tablet or computer to check your email, your bank account balance, your credit card account, or any other site that contains or requires your personal data.
- Use Internet security software.
- Secure your network.
For additional information, please refer to the following websites:
POINT OF CONTACT