What is Man In The Middle (MITM) attack?


Man-in-the-middle” is often referred to an attack, but does not have to be — it is a broad term to describe any device that sits between your computer and the destination.

With that said, when an attacker can position him/herself in between your data and a destination, you can imagine what becomes possible: stolen personal information, passwords/credentials, financial information, general browsing history, and more — all of which fall under a category of information that most would refer to as “sensitive.”

How a MITM attack takes place

MITM attacks tend to occur when you are on an unsecured network, or run really outdated software. Before we dive deeper into how a MITM attack plays out, an analogy might help. Imagine if you (John) were calling Jane. Here, you begin your call by telling Jane about your day — nothing seems amiss. Unfortunately, your seemingly “secure” call has been monitored this entire time; everything about “your day” is now known by the attacker that has placed him/herself between your telephone and Jane’s telephone. This is the very definition of a “man-in-the-middle” attack — literally.

In more technical terms, a MITM begins with “inspection.” That is, an attacker will monitor outgoing traffic first to determine their next course of action (checking for insecure traffic, etc.). Other vectors include session hijacking (where cookies are stolen) and packet injection.

Their next course of action will eventually be to find a way to “slot” themselves in between for an attack. Whether they decide on using a stolen SSL certificate (for MITM’ing secure connections), to exploiting vulnerabilities in older SSL versions — so long as they can display themselves as an “invisible” entity between you and a destination server, it will be done:

What Are Man In The Middle (MITM) Attacks

Once this occurs, an attacker has (essentially) full control over the data being intercepted. They can modify data on-the-fly to fool a destination server into transferring sums of money to the attacker and steal other personal information (SIN/SSN numbers, your date-of-birth, and more).


MITM attacks, when executed well, can cause financial loss and damage to a victim’s identity. Whether the MITM attack is targeted or not, such attacks often require the exploitation of a vulnerability in old software or physical presence to intercept traffic. MITM attacks can be mitigated by using a secure tunnel* and up-to-date software, but no solution is totally foolproof. Here are some practices can be taken to reduce your chances of being caught by an attacker:

  • Refraining from using public networks
  • Keeping your OS up-to-date (this also keeps your “certificate store” up-to-date) Source verification and strong encryption


MITM Attacks

MITM Attacks refer to "man-in-the-middle" attacks.