MTE Explains: What Is a “Man in the Middle Attack?”

For an attack carried out over the Internet to be successful, the hacker behind it has to be clever. And nothing demonstrates wit more clearly than the “man in the middle attack.” Although few people will ever fall victim to it in their lives, the number of potential victims is staggering. Because of the span in which it can be carried out, this type of attack can be more common over time as hackers’ methods and tools grow in sophistication. It’s time to make people aware of what a “man in the middle” (MiM) attack is and some best practices that could prevent it from being carried out.


A man in the middle attack – abbreviated “MiM” – occurs when a hacker cuts into a conversation or data transaction between you and another person or server, then sends false information to one of the parties. A successful MiM attack will allow a hacker to impersonate both parties in the transaction. Let’s build a scenario: you’re logging into PayPal and someone hijacks your connection with the server by breaking the connection and inserting themselves as a “middleman” between you and the server. The hacker impersonates you and then sends PayPal a request to withdraw your money into their own account.

The same could happen in conversations: You have a conversation over Facebook with a sibling, and a hacker breaks your connection to Facebook and then sends a fake message from your sibling asking you something highly personal. To you it looks as though your sibling is asking you something, but your reply will go to the hacker. You wouldn’t even know that anything happened until it was too late.

These attacks are particularly dangerous because it’s very difficult to detect that anything went wrong, especially if the hacker shares an IP with you on the same network (as would be the case in a public WiFi connection). You would fall victim to an MiM attack and never realize it until your financial accounts are empty or your personal information is leaked to the public.

Wireless Symbol Drawn on a Blackboard

Since no intervention is possible once an MiM attack happens (aside from changing your passwords and other typical damage control measures), prevention is key here. Forget about stopping it in its tracks; you need to stop it from ever happening under any context. A good way to do this is to stop trusting public WiFi networks. Do not do anything important over a public WiFi network. Ever. Because of the nature of WiFi, every time you send data over the network, you broadcast it, making it visible to every other node on the network. If you absolutely need to connect to log into a financial service or something else important over public WiFi, do everything you can to secure that connection. One of the best things you can do is connect via an encrypted virtual private network (VPN).

Try to avoid any situation in which your phone, tablet, laptop, or PC ends up sharing an Internet connection with others outside of your home. Whether you are in a coffee shop, an airport, or a library, make sure you’re not withdrawing or moving around any money or even discussing anything sensitive with anyone. If you absolutely have to, make sure the connection is secured beforehand.

Do you have any other pieces of advice in preventing and combating MiM attacks? Make sure you tell us about it in a comment!