Man-on-the-side attack
A man-on-the-side attack is a form of active attack in computer security similar to a man-in-the-middle attack. Instead of completely controlling a network node as in a man-in-the-middle attack, the attacker only has regular access to the communication channel, which allows him to read the traffic and insert new messages, but not to modify or delete messages sent by other participants. The attacker relies on a timing advantage to make sure that the response he sends to the request of a victim arrives before the legitimate response.
In real-world attacks, the response packet sent by the attacker can be used to place malware on the victim's computer.[1] The need for a timing advantage makes the attack difficult to execute, as it requires a privileged position in the network, for example on the internet backbone.[2] Potentially, this class of attack may be performed within a local network (assuming a privileged position), research has shown that it has been successful within critical infrastructure[3].
The 2013 global surveillance revelations revealed that the US National Security Agency (NSA) widely uses a man-on-the-side attack to infect targets with malware through its QUANTUM program. [1]
References
- Gallagher, Ryan; Greenwald, Glenn (12 March 2014). "How the NSA Plans to Infect 'Millions' of Computers with Malware". The Intercept. Retrieved 15 March 2014.
- Schneier, Bruce (4 October 2013). "Attacking Tor: how the NSA targets users' online anonymity". theguardian.com. The Guardian. Retrieved 15 March 2014.
- Maynard, Peter; McLaughlin, Kieran (1 May 2020). "Towards Understanding Man-on-the-Side Attacks (MotS) in SCADA Networks". 17th International Conference on Security and Cryptography (SECRYPT 2020). arXiv:2004.14334. Bibcode:2020arXiv200414334M.
- Hjelmvik, Erik (31 March 2015). "China's Man-on-the-Side Attack on GitHub". netresec.com. NetreseC. Retrieved 16 April 2020.