Security Encyclopedia

Man-in-the-Middle (MITM) 

A Man in the Middle (MitM) attack occurs when a communication between two systems or people is intercepted by an unauthorized party. The person intercepting attempts to either eavesdrop on the exchange or impersonate one of the authorized parties in such a way as to not raise awareness of the intrusion.

The aim of a MitM attack often is to intercept a transmissions of personal information that is useful, sensitive or profitable if applied fraudulently (e.g. logins, account details, credit card information, etc.).

Typically MitM attacks are focused on financial and e-commerce entities, or other websites required credentialed logins. Stolen information may then be used for identity theft, unapproved financial transfers, or the information may be sold to a third party.

Example:

“An entire trade show of IT professionals fell victim to a Man-in-the-Middle Attack when the convention center’s wifi network was compromised. There were countless incidents of stolen credit card numbers, login credentials, and personal data.”

MITM Attacks Explained:

Source: Computerphile