It’s come to light that the NSA has impersonated Google — and possibly other big websites — in order to intercept, store, and read supposedly secure online communications.
Mother Jones reports that the agency managed this by using “man-in-the-middle (MITM)” attacks, which are often used by high-class hackers. PowerPoint slides made public by a Brazilian news channel also suggest the technique is used by the UK-based GCHQ. Mother Jones describes how the hack works:
According to the document, NSA employees log into an internet router — most likely one used by an internet service provider or a backbone network. (It’s not clear whether this was done with the permission or knowledge of the router’s owner.) Once logged in, the NSA redirects the “target traffic” to an “MITM,” a site that acts as a stealthy intermediary, harvesting communications before forwarding them to their intended destination.
While MITM attacks are risky, because they’re easy to spot if someone’s watching, they manage to defeat encryption without ever cracking any code — because they trick the user into giving up account details required to gain access to data. It’s not clear how widespread the use of MITM attacks was, but it’s another sneaky trick to add to the growing list of NSA snooping tactics. [Mother Jones]