Pass the Packet
Bill Dungey | @corvusactual | postpunksuperhero.com
Information is passed along its route in the form of a packet – from desktop to router to modem to servers on the internet until it reaches its destination, then all the way back.
A Man in the Middle attack occurs when a malicious agent places themselves between any two of those points.
A typical Man in the Middle attack will see our hacker sit between the desktop / laptop / device and the router. When an attacker sits on the network as a Man in the Middle, they can harvest all of the data being pushed along the line.
This means they will have access to anything passed through the network without encryption.
Credentials – usernames and passwords sent through forms on websites.
Data – websites you’re visiting, services you’re accessing.
Malware distribution – pop-ups for fake websites / updates / downloads.
For the purposes of demonstrating this, we will have four volunteers – a router, a hacker, a device and the internet.
The device passes along an envelope (mimicking data) to the router, who passes the envelope along to the internet.
When the hacker is introduced anywhere along the line, they will have access to the data to do what they wish with it. They could add information to the data, peek inside it, or destroy it.
Rules for Pass The Packet
To exemplify this process with the organization's entire team, we’ll play a game of Telephone.
The person starting the game will be given a (Packet) phrase to repeat to their neighbour. The object of the game is to pass the Packet through every team member while keeping the data (the phrase) secure (unchanged).
Cue cards will be handed out prior to the start of the game to every participant.
Blank cards represent a regular hop in the route the data must take to reach its destination.
Cards marked with an ‘X’ represent a disruption of service – the person trying to move the Packet along will have to physically move to the next person in line to pass along the phrase.
Cards marked with a blue ‘IT’ may physically move freely along the route at any time.
Cards marked with a red ‘HACKER’ are to try to change the phrase, thereby obfuscating or destroying the data.
The IT cardholder may request to see the card of any person at any time. If they catch the HACKER, the HACKER is eliminated.
If the Packet reaches the destination with the same, unchanged data, the organization wins.