Threats: Man in the Middle
In 2004, the first wave of “Phishing 1.0” attacks tricked unsuspecting consumers into clicking on links to fake bank websites and giving up their usernames, passwords, and other personal information, leading to financial fraud and identity theft.
Phishing 2.0 has evolved to combine traditional Phishing ‘hooks’ with a Man in the Middle attack (in the Citibank case involving a botnet) and URL spoofing. A Phishing 2.0 attack tricks the user into clicking on a link to log in to their bank through the Man-in-the-Middle Phishing proxy site. It is actually easier to launch than traditional Phishing 1.0 scams because the attacker does not need to create and maintain a copy of a fake site. The phisher merely passes through the actual pages from the real web site, then steals data or makes changes to transactions automatically using easy-to-write scripts.
"This is a common and predictable attack. As an industry, we need to accept that solutions not incorporating strong client and server authentication cannot survive the Internet. Ten years ago, this was evident with the advent of key SSL mechanisms. It's time to put them to work"
Eric Greenberg
Chief Master Architect for security firm KSR
Former leader of Netscape's security group, which originally created SSL
Why Are These Security Measures Vulnerable?
These measures are vulnerable to Phishing 2.0 attacks for some combination of the following reasons:
- They rely on weak, easily spoofable information such as HTTP header information or IP geolocation
- They rely on ‘shared secrets’ that must be sent over the Internet where an attacker can get them
- They use only one-way SSL security (only the website has an SSL certificate) instead of two-way, which is the way SSL was designed to be used
How does TriCipher Prevent Man in the Middle Attacks?
"When we deployed TriCipher's solution over a year ago, it was clear to us that such Man in the Middle attacks would start appearing. Using a combination of both the more economical PC2 Factor authentication credential, and TriCipher's Armored Token technology, we have protected our business from such attacks whilst preserving our investment in tokens"
Paul Darnell, Chief Operations and IT Director
Advanced Payment Solutions
The TriCipher Armored Credential System prevents Man in the Middle attacks by removing reliance on shared secrets sent over the Internet and making it possible to use 2-way SSL. With two-way SSL, the server knows who’s on the other end of the session via a strong digital signature that an attacker can’t use to log himself in and can’t spoof. This prevents Man in the Middle attacks – no shared secret to intercept and no ability to read or change transactions. With the TriCipher Armored Credential System, users are authenticated with proven digital signature techniques made easy by TriCipher’s patented technology.
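Why a forwarded shared secret is accepted while a forwarded two-way SSL signature is not, as an added example (not TriCipher's code and not from the original page): in TLS client authentication the client signs the handshake transcript, which includes the certificate of the server it actually connected to. The Go sketch below models this with Ed25519; the transcript function, certificate strings, nonce and password are constructed stand-ins, not a real TLS implementation.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// transcript is a stand-in (assumption) for the TLS handshake transcript hash:
// it covers the certificate of the server this session was negotiated with.
func transcript(serverCert, nonce []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, serverCert...), nonce...))
	return h[:]
}

// One-way SSL plus shared secret: the bank checks only that the right bytes
// arrived, not which session carried them.
func bankAcceptsPassword(stored, received []byte) bool {
	return bytes.Equal(stored, received)
}

// Two-way SSL: the bank verifies the client's signature against the
// transcript of the session the bank itself took part in.
func bankAcceptsSignature(pub ed25519.PublicKey, bankCert, nonce, sig []byte) bool {
	return ed25519.Verify(pub, transcript(bankCert, nonce), sig)
}

// Demo reports whether the bank accepts: a password forwarded by a proxy,
// a signature forwarded by a proxy, and a signature from a direct session.
func Demo() (pwRelayed, sigRelayed, sigDirect bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	bankCert := []byte("constructed: bank certificate")
	proxyCert := []byte("constructed: proxy certificate")
	nonce := []byte("constructed: server nonce, forwarded unchanged")
	password := []byte("constructed-password")
	// The user typed the password into the proxied page; it is forwarded as-is.
	pwRelayed = bankAcceptsPassword(password, append([]byte{}, password...))
	// The client's session ended at the proxy, so its signature covers proxyCert.
	viaProxy := ed25519.Sign(priv, transcript(proxyCert, nonce))
	sigRelayed = bankAcceptsSignature(pub, bankCert, nonce, viaProxy)
	// In a direct session the client signs the bank's own certificate.
	direct := ed25519.Sign(priv, transcript(bankCert, nonce))
	sigDirect = bankAcceptsSignature(pub, bankCert, nonce, direct)
	return
}

func main() { fmt.Println(Demo()) }
```

The private key never crosses the wire, so the only thing a proxy can forward is a signature bound to its own session, which the bank rejects.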