0

It is often said that the main reason for using encryption is to make middlemen (listeners) unable to understand the messages exchanged between parties even if they intercept them. But it is often overlooked how someone can actually intercept a message in the first place, whether it is encrypted or not. During the Caesar period, it is obvious that the enemy could intercept messages by physically capturing the messenger. Thus they began to use ciphers to encrypt their communication. But in the digital world, how does that actually work? My questions are:

  1. Do hackers have special hardware to intercept digital messages or anybody with a standard computer and internet can do it?
  2. Do hackers have some specific software?
  3. Can any device be attacked? (phones,.. )
Anders
TSR
  • 1
    I'm afraid that your question is way too broad: there are many different ways used for intercepting communication for each communication channel. Listing them all is simply impossible. Likewise, answering your questions is meaningless: all the answers are "It depends" – Stephane Oct 18 '16 at 10:21
  • 1
    It's quite easy to snoop on people on the same ethernet/wireless network with software like [Ettercap](https://ettercap.github.io/ettercap/). Advanced attackers can do fancy things like base station spoofing and [Fiber tapping](https://en.wikipedia.org/wiki/Fiber_tapping) – paj28 Oct 18 '16 at 10:23

4 Answers

2
  1. No, anybody with a computer
  2. Sometimes
  3. If it is connected to a network, yes. IoT is an emerging threat now.

You just have to know what to look for. You can find an insane amount of information using Wireshark. Cain and Abel is pretty ridiculous too on active networks; it does the parsing for you.

Wireshark, for example: say you captured traffic for a while and you're looking through it and see a telnet session (port 23). You can right-click on a packet of that session and select Follow TCP Stream, and there is a chance that you end up with someone's password. I'm sure someone could provide more detailed examples, but hopefully that gives you an idea.

https://www.youtube.com/watch?v=xShwyUq-uHk - Video on what I described (telnet)

Cain and Abel, in my experience, is like the laziest recon tool ever. I was sitting in a computer lab way back in the day and just messing around being a nerdy teenager. Every new account that was being created or entered around me, I had a record of. At first I thought, wow, this is way too easy, it must be wrong. So I shouted across the room, "Hey, Girl X - did you just create a Zanga account?"...I had her username and password.

  • Yeah, after years people finally figured out that badly implemented TCP stacks on IoT are not a good idea (+1 for IoT) – grochmal Oct 18 '16 at 12:42
1

Your question is very broad so I've attempted to give you some high-level answers with examples to aid your understanding.

Do hackers have special hardware to intercept digital messages or anybody with a standard computer and internet can do it?

Yes and no. A hacker could intercept messages using nothing more than a bog-standard PC, or they might purchase a different WLAN card, a Wireless Access Point (WAP), virtualisation software, etc. to assist with their work.

For example, on Windows one could set up Client Hyper-V for a Windows Server machine with DNS and DHCP, and use Fiddler to intercept HTTP traffic using WPAD proxy detection. You could do something similar with your own WAP with a common SSID like 'Starbucks'.

Do hackers have some specific software?

Hackers will likely use a combination of their own scripts and exploits along with exploit toolkits that use and share other hackers' scripts and exploits in a way that's easier to use and execute. They may be more likely to use Open Source Software (OSS), as it is easier to modify at a low level to change the normal and safe operation of the software to enable exploits to run.

For example, Metasploit is a penetration testing tool that can be used by White-Hat hackers.

Can any device be attacked? (phones,.. )

Probably, yes - anything with a network connection creates an attack surface which could be exploited. The exploits may be directed specifically at different devices (e.g. a vulnerability in iOS on an iPhone) or on an embedded OS on a networked printer, or on a protocol with a vulnerability that is implemented on many devices, such as HTTPS. HTTPS is likely to be implemented on many devices, from phones and laptops to Internet of Things (IoT) devices like smoke alarms, door locks and even kettles!

Andrew
1
  • Anybody with a standard computer can sniff traffic. With a simple sniffer like tcpdump you can sniff the traffic on a network you have access to. Let me give you a simple command below which displays the password in plain text if you have a POP3 or IMAP unencrypted authentication method:

    tcpdump -i any port pop3 or port imap -l -A | egrep -i 'user |pass |LOGIN ".*" ".*"' --line-buffered -B20
    
  • You don't need super software or a supercomputer if your traffic is unencrypted. Such software and hardware are used to decrypt messages faster, since normal computers might need millions of years.

  • ANY DEVICE PLUGGED IN CAN BE ATTACKED

Vini7
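
The POP3/IMAP command in the answer above finds passwords only when the login command crosses the network before any TLS upgrade. As an added example (not part of the original answer), this Python script audits client/server session transcripts for exactly that condition, including a client that falls back to cleartext after the upgrade is refused; the `C:`/`S:` transcript format, the function name and the sample sessions are assumptions constructed for illustration.

```python
import re

# Client commands that carry a reusable secret in the clear (or in plain base64).
CRED_CMD = {
    "pop3": re.compile(r"^(PASS|AUTH\s+(PLAIN|LOGIN))\b", re.I),
    "imap": re.compile(r"^\S+\s+(LOGIN|AUTHENTICATE\s+(PLAIN|LOGIN))\b", re.I),
}
# Client request for a TLS upgrade, and the server reply that accepts it.
TLS_REQ = {"pop3": re.compile(r"^STLS\s*$", re.I),
           "imap": re.compile(r"^\S+\s+STARTTLS\s*$", re.I)}
TLS_OK = {"pop3": re.compile(r"^\+OK", re.I),
          "imap": re.compile(r"^[^*\s]\S*\s+OK\b", re.I)}

def audit_session(proto, transcript, implicit_tls=False):
    """Return (line_no, verb) for each credential command sent without TLS."""
    tls_active, tls_pending, findings = implicit_tls, False, []
    for n, line in enumerate(transcript.strip().splitlines(), 1):
        side, _, text = line.strip().partition(": ")
        if side == "S" and tls_pending:
            if TLS_OK[proto].match(text):
                tls_active, tls_pending = True, False
            elif not text.startswith("*"):
                tls_pending = False  # upgrade refused; session stays cleartext
        elif side == "C":
            if TLS_REQ[proto].match(text):
                tls_pending = True
            elif CRED_CMD[proto].match(text) and not tls_active:
                verb = text.split()[0 if proto == "pop3" else 1].upper()
                findings.append((n, verb))  # record the verb, never the secret
    return findings

# Constructed sample sessions (not captured traffic).
SAMPLES = {
    "pop3_clear": "S: +OK ready\nC: USER alice\nS: +OK\nC: PASS constructed-secret\nS: +OK",
    "pop3_stls": "S: +OK ready\nC: STLS\nS: +OK Begin TLS\nC: USER alice\nS: +OK\nC: PASS constructed-secret",
    "imap_clear": "S: * OK ready\nC: a1 LOGIN alice constructed-secret\nS: a1 OK done",
    "imap_refused": "S: * OK ready\nC: a1 STARTTLS\nS: a1 BAD unknown\nC: a2 LOGIN alice constructed-secret",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_session(name.split("_")[0], text) or "no cleartext credentials")
```

Sessions on the implicit-TLS ports (995 for POP3, 993 for IMAP) are encrypted from the first byte; pass `implicit_tls=True` for transcripts logged from those.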
1

The "listener" you talk about is called a "man in the middle", and your question is basically "how does one get into the middle". This can be done in many ways, and any point that the traffic passes through from your computer on its way to its destination could either be used for an attack by the people who control it, or be hacked and used for an attack by somebody else.

So there is an almost unlimited number of ways this could happen, but here are some examples:

  • Your local network:
    • Anyone who is connected to the same Wi-Fi as you are can read your traffic.
    • If your router (or some other part of the network) is hacked, the hacker could read and modify your traffic.
    • The person that legitimately controls the network - e.g. your employer if you are at work - can read and modify your traffic without even having to hack anything.
  • Over the internet:
    • Your ISP can read and modify all your traffic, since they control the hardware it passes through. Your traffic may also pass through any number of other networks owned by companies you have never heard of in different countries, and those can read and modify the traffic as well.
    • Any nation state that can hand over a court order to any of those companies can do the same (think NSA).

This could (but does not have to) include the use of special hardware, it definitely includes the use of special software, and yes, any device could be targeted.

Anders