A “man-in-the-middle” (MITM) attack is a tool elite hackers use to read supposedly secure online communications. In other words, it is the method organizations like the National Security Agency use to eavesdrop online.
The thousands of documents former NSA contractor Edward Snowden leaked to Guardian journalist Glenn Greenwald earlier this year first documented the agency’s use of MITM attacks, and Sunday’s edition of Brazilian TV news program Fantastico shone a brighter light on how NSA employees utilize MITM attacks to spy, impersonating Google (NASDAQ:GOOG) and possibly other heavily trafficked sites to intercept and read data.
Among the documents leaked to Greenwald and then obtained by Fantastico was a NSA presentation in which the agency described “how the attack was done” on “target” Google users. The May 2012 presentation was used to train new agents using a simple flow chart: an NSA employee logs onto an Internet router — likely one used by an Internet Service Provider or a backbone network — and the “target traffic” is then redirected to the MITM, a intermediary site that harvests the needed information before the data is forwarded to its intended destination.
What the document did not make clear is whether NSA logs onto the Internet routers with the permission of or even knowledge of the router’s owner.