preface

The big piece of entertainment gossip recently, the affair between Wu Mou Fan and Du Mou Zhu, has everyone been following it?

I have been watching with relish, from the showdown between the two sides all the way to the police notice; it is quite interesting.

If we read the police notice carefully, we will find that it hides a bit of knowledge about Internet security.

Body

What is a man-in-the-middle attack

Man-in-the-middle attack is a term that has been around for a long time.

A simple description: A and B communicate through some channel. A third party C appears and inserts himself into that communication in some way, so that A believes C is B while B believes C is A. From then on, every message A sends to B actually arrives at C, and whatever C forwards to B, B takes as having been sent by A; the same holds for messages from B to A. C is the man in the middle, and what he does from this position is a man-in-the-middle attack.

Hazards of man-in-the-middle attacks

It is not hard to see that C can do many things from this position:

  1. If C changes nothing and silently records the communication between A and B, this is information theft (eavesdropping). It may give C sensitive data such as passwords, and it is hard for A and B to detect, because C takes no visible action: if the two parties later compare what they sent and what they received, nothing will look abnormal.

  2. If C alters the communication between A and B, C's behaviour is called information tampering.

Take an ordinary HTTP request as an example:

Suppose client A sends a request to server B whose body is “I love you baby”, and server B responds with the body “BABY, I love you too”. C has in some way become the middleman between A and B. C changes A’s request into “Baby, I love you, but I had a car accident and urgently need 5,000 yuan. Call XXXXXX as soon as possible.” B receives this message, transfers 5,000 yuan, and responds accordingly. C then changes the response back into “BABY, I love you too”. At this point C has completed an act of information tampering and caused real harm (B transferred 5,000 yuan), while A has seen nothing unusual.
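As an added example that is not part of the original post, here is a toy model of that relay in Python. It is not real HTTP; the server, the middleman and the message texts are all constructed to mirror the story above. It shows both hazards from the list: in the passive case C only records traffic and the two parties' own records still agree, while in the active case C rewrites the request and the response, B pays, and A's view of the exchange no longer matches B's. The `transcripts_agree` check at the end is the out-of-band comparison that eventually exposes tampering (and that passive eavesdropping survives).

```python
# Added example: a toy man-in-the-middle relay. Parties, messages and the
# 5000-yuan "transfer" are constructed for illustration, not real traffic.
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

Rewrite = Callable[[str], str]


def identity(message: str) -> str:
    return message


@dataclass
class Server:
    """B: answers requests and pays out when asked. Trusts whatever arrives."""
    balance: int = 10_000
    transcript: List[Tuple[str, str]] = field(default_factory=list)

    def handle(self, request: str) -> str:
        if request.startswith("I had a car accident"):
            self.balance -= 5000
            response = "Transferred 5000 yuan"
        else:
            response = "BABY, I love you too"
        self.transcript.append((request, response))
        return response


@dataclass
class MiddleMan:
    """C: sits on the channel. Records everything (theft) and may rewrite
    either direction (tampering). With identity rewrites C is a passive tap."""
    rewrite_request: Rewrite = identity
    rewrite_response: Rewrite = identity
    captured: List[str] = field(default_factory=list)

    def relay(self, server: Server, request: str) -> str:
        self.captured.append(request)
        response = server.handle(self.rewrite_request(request))
        self.captured.append(response)
        return self.rewrite_response(response)


def client_session(server: Server, channel: MiddleMan) -> List[Tuple[str, str]]:
    """A: sends one request through the channel and records what it believes happened."""
    request = "I love you baby"
    response = channel.relay(server, request)
    return [(request, response)]


def transcripts_agree(a_view, b_view) -> bool:
    """Out-of-band check: do A and B remember the same exchange?
    Passive interception leaves this True; tampering makes it False."""
    return a_view == b_view


def passive_attack():
    """C only listens. Returns (B's balance, what C captured, transcripts agree?)."""
    b, c = Server(), MiddleMan()
    a_view = client_session(b, c)
    return b.balance, c.captured, transcripts_agree(a_view, b.transcript)


def active_attack():
    """C rewrites the request to B and the response back to A.
    Returns (B's balance, what A saw, transcripts agree?)."""
    b = Server()
    c = MiddleMan(
        rewrite_request=lambda m: "I had a car accident and urgently need 5000 yuan",
        rewrite_response=lambda m: "BABY, I love you too",
    )
    a_view = client_session(b, c)
    return b.balance, a_view[0][1], transcripts_agree(a_view, b.transcript)


if __name__ == "__main__":
    print("passive:", passive_attack())
    print("active: ", active_attack())
```

In the active case A's own record still reads as a harmless exchange, which is exactly why the victim cannot notice anything from its side alone; only comparing records with B reveals the mismatch.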

Comparison with the real case

After investigation: in June 2021, the suspect Liu Mou saw the online speculation about Du Mou Zhu and Wu Mou Fan and came up with the idea of impersonating the parties involved in order to commit fraud. During this period, Liu Mou fabricated a female identity, claiming to have also been deceived emotionally by Wu Mou Fan, and in the name of jointly defending their rights gained Du Mou Zhu’s trust; using a WeChat account with the nickname “DDX” he contacted Du Mou Zhu and obtained part of the communication between Du Mou Zhu and Wu Mou Fan.

Here, Liu fabricating an identity to gain Du Mou Zhu’s trust can be read as middleman C successfully winning the trust of client A (obtaining the credentials of the communication between client A and server B).

Liu Mou (middleman C) then used this information to contact Wu Mou Fan’s lawyer (server B) in Du Mou Zhu’s name (establishing a connection to the server with the relevant credentials), claimed that the two sides had reached a settlement of 3 million yuan in compensation, and gave the lawyer his own bank account together with Du Mou Zhu’s (tampering with and forging client A’s request). At the same time, using a WeChat account named “Beijing Fanshi Culture Media” and claiming to be Wu Mou Fan’s lawyer, Liu Mou negotiated with Du Mou Zhu (middleman C establishing a connection with client A) and reached a settlement of 3 million yuan in compensation, but the two sides did not sign a settlement agreement (forwarding server B’s response to client A).

On July 11, Wu’s mother transferred 500,000 yuan in two instalments to Du Mou Zhu’s account (the server trusted middleman C and performed the transfer). Liu Mou, who had not received the money, then continued to impersonate Du and tried to claim the remaining 2.5 million yuan from Wu’s lawyer (this later operation by middleman C was no longer trusted by server B and was refused; this may be because client A’s privileges were not sufficient for the operation requested of server B, rather than because middleman C had been discovered). He then posed as Wu Mou Fan’s lawyer and demanded that Du Mou Zhu sign a settlement agreement, otherwise the 500,000 yuan would be reclaimed. After Du Mou Zhu agreed to refund it, Liu Mou, posing as Wu Mou Fan’s lawyer, gave Du Mou Zhu his own Alipay account, and Du Mou Zhu transferred 180,000 yuan to it in several payments (middleman C sent client A a refund notice, and client A carried it out). Liu Mou was arrested and confessed to the fraud. He has now been placed in criminal detention by the Chaoyang public security sub-bureau according to law. (Information tampering in a man-in-the-middle attack can be detected.)

How to reduce the harm of man-in-the-middle attack

  1. Encrypt the messages

The communication between the server and the client can be encrypted, so that even if the middleman gets hold of the messages he cannot read their real content, and any alteration is detected. Strictly speaking, encryption alone only hides the content; detecting tampering needs a message authentication code (or an authenticated-encryption mode) as well, and real protocols such as TLS provide both.

  • Du Mou Zhu and Wu Mou Fan had, in earlier chats, agreed on certain special words to convey specific meanings; I will not go into the details.

HTTPS adds an encryption layer (TLS) on top of the original HTTP request, so HTTPS is more secure than HTTP. However, HTTPS can still be attacked by a man in the middle if the client does not check who it is actually negotiating the encryption with.

  2. Verify a certificate

If middleman C can take part in the encryption himself, negotiating one key with A and another key with B, and thereby trick A and B into believing they are talking to each other, then the barrier of encrypted messages is virtually useless: C decrypts everything with one key, reads or alters it, and re-encrypts it with the other.

But the communication must still take place, so how do we deal with this?

Certificates can be used. That is, we switch to asymmetric encryption, and at the start of the connection each side presents its certificate, which carries its public key and is signed by an authority both sides trust. Each side can then determine from the very first step whether the other party is really who it claims to be, and refuse to transfer any data if not.

In HTTPS, when a connection is established the server sends its certificate to the client for verification. If the certificate is incorrect (for example, not signed by a trusted authority, expired, or not matching the host name), the client closes the connection.
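The following is an added example written for this post, not the article’s code and not a real TLS implementation; it puts the two mitigations above (encrypt the messages; verify the peer’s signed public value) into one runnable Python simulation. Everything in it is a labelled toy: a Diffie-Hellman key exchange over a small prime, a SHA-256-keystream cipher with an HMAC tag standing in for authenticated encryption, and a tiny RSA key standing in for the server’s certificate. With `check_signature=False` the client accepts whatever Diffie-Hellman value it is shown, so a middleman C negotiates one key with A and another with B and reads and rewrites the message even though it is encrypted; with `check_signature=True` the client verifies that the value was signed by the server key it already trusts, and closes the connection when it was not. Requires Python 3.8+ for `pow(e, -1, m)`.

```python
# Added example: encryption without peer authentication versus a signed
# key exchange. All parameters are toy-sized and NOT secure; real code uses
# TLS (or at least a standard AEAD and a real certificate chain).
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group: a Mersenne prime with generator 3 (constructed for speed).
P = 2**127 - 1
G = 3


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def dh_shared_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


# Toy authenticated encryption: SHA-256 keystream XOR plus an HMAC-SHA256 tag.
def _keystream(key, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key, msg):
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, len(msg))))
    return hmac.new(key, ct, "sha256").digest() + ct


def unseal(key, blob):
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def tamper_detected(key, blob):
    """True if unseal() rejects the blob (any byte changed by a middleman)."""
    try:
        unseal(key, blob)
        return False
    except ValueError:
        return True


# Toy RSA: the server's long-term identity key. (RSA_N, RSA_E) plays the role of
# the server certificate the client already trusts; RSA_D never leaves the server.
_p, _q = 1000000007, 998244353  # toy primes; real keys use ~1024-bit primes or larger
RSA_N, RSA_E = _p * _q, 65537
RSA_D = pow(RSA_E, -1, (_p - 1) * (_q - 1))


def sign(data):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N
    return pow(h, RSA_D, RSA_N)


def verify(n, e, data, sig):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(sig, e, n) == h


def handshake(attacker, check_signature):
    """Client A connects to server B; if attacker, C relays both directions.
    Returns (client_aborted, what_B_decrypted, what_C_decrypted)."""
    b_priv, b_pub = dh_keypair()
    b_sig = sign(b_pub.to_bytes(16, "big"))  # B signs its DH value with its identity key
    if attacker:
        c_priv_a, c_pub_a = dh_keypair()      # C's own DH value, shown to A instead of B's
        seen_pub, seen_sig = c_pub_a, b_sig   # C cannot sign as B; replaying B's signature is all it has
    else:
        seen_pub, seen_sig = b_pub, b_sig
    if check_signature and not verify(RSA_N, RSA_E, seen_pub.to_bytes(16, "big"), seen_sig):
        return True, None, None               # A closes the connection, nothing is sent
    a_priv, a_pub = dh_keypair()
    blob = seal(dh_shared_key(a_priv, seen_pub), b"I love you baby")
    if not attacker:
        return False, unseal(dh_shared_key(b_priv, a_pub), blob), None
    c_read = unseal(dh_shared_key(c_priv_a, a_pub), blob)   # C holds A's key: reads the plaintext
    c_priv_b, c_pub_b = dh_keypair()                         # separate session C <-> B
    blob = seal(dh_shared_key(c_priv_b, b_pub), b"I had a car accident, send 5000 yuan")
    return False, unseal(dh_shared_key(b_priv, c_pub_b), blob), c_read


if __name__ == "__main__":
    print("honest, verified:   ", handshake(attacker=False, check_signature=True))
    print("MITM, no check:     ", handshake(attacker=True, check_signature=False))
    print("MITM, cert checked: ", handshake(attacker=True, check_signature=True))
```

The point the simulation makes is the one in the text: the MAC catches a middleman who alters ciphertext he cannot decrypt, but it catches nothing when the keys themselves were agreed with the middleman; only binding the key exchange to an identity the client can check, the job of the certificate, stops C at the first step.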

This scheme has no counterpart in the real events, so it cannot be explained in terms of them.

conclusion

In fact, the precondition of a man-in-the-middle attack is that, under the circumstances, neither party can prove its identity, so neither can determine whether it is really communicating with the other. The problem therefore becomes how to determine the identity of the other party, and the methods given above are in fact ways of doing so.

For example, with the encryption method the key is known to both parties but to no third party. We assume the other party will not disclose it, which means the only one who can encrypt correctly is the other party, and so identity is established.

Certificate verification relies on an identification issued by a third party that both sides recognise, or on each side directly holding the other’s identity (its public key); either way the aim is to confirm identity.

Overall, the Wu Mou Fan incident surprised me, but it is a textbook man-in-the-middle attack. I did not expect this kind of thing to happen in real life.

It also shows that many situations in computing are really microcosms of the real world, for example the various design patterns. So when we study computing, we can draw on real situations and think about how similar problems are solved in real life.