The term man-in-the-middle denotes an attack on encrypted communication in a computer network. A third host transparently forwards digital information as a gateway between two or more communication partners and eavesdrops at the same time. The sender and recipient are unaware that a third host sits between them and that they are not in fact communicating directly. This type of attack is called a man-in-the-middle attack (abbreviated MITM attack). The most common targets are secured SSL connections, such as those used in online banking.
Characteristics
In a MITM attack, the attacker has full control of the information exchanged between two or more communication partners. This allows the attacker to read, influence and manipulate the information. The attacker impersonates each communication partner to the other and can therefore take part in the communication channel. The information between the two hosts is encrypted, but it is decrypted by the attacker and then forwarded (see also proxy server).
Examples
- Two communicating hosts A and B are on the same subnet. The "MITM" sends each of the two hosts its own MAC address paired with the IP address of the other party. The computers of both hosts A and B then connect to the attacker's PC, while the two communication partners A and B believe that they are directly connected.
- Phishing attacks through emails that redirect to fake websites.
- Phishing or electronic banking kits
- Travel portals that are not actually travel portals but offer cheap flights. The customer enters his account number and his bank code in the fake web portal.
- "Marker attacks" are the classic "man-in-the-middle attacks."
Attacks on HTTPS connections
An attacker who remains invisible can attack even encrypted HTTPS connections. To do so, the attacker must decrypt the information, read it and forward it in encrypted form to each of the two parties. This attack succeeds if the encryption of the data packets relies on certificates that are not signed (for example, fake SSL certificates).
Impact on SEO
More and more webmasters and SEOs are being encouraged to make their websites more secure. Google has treated SSL encryption as a ranking factor since August 2014. If this encryption technique is used, the risk of a MITM attack is lower than without encryption.
To ensure that users are sufficiently protected against attacks, website operators must also regularly update their software and servers so that no third party can compromise the traffic between servers and clients. Along with SSL encryption, Google also monitors security breaches and alerts webmasters if their web portal has been hacked, as long as it is registered in the Google Search Console.