Wi-Fi Man in the Middle attack (MITM)
QCC conducted a Cyber TSCM inspection for a Swiss Hedge Fund based in Geneva and uncovered a Wi-Fi Man In The Middle interception attack.
Whilst conducting deep analysis of the Wi-Fi emissions in the Client’s building, the QCC Cyber TSCM inspection team detected what appeared initially to be a legitimate Wi-Fi access point, broadcasting a very similar Service Set Identifier (SSID or network name) to the Client’s own guest Wi-Fi network. However, when the access point was traced, it was found to be located outside the Client’s demise, in the electrical riser of the empty office one floor above. QCC operatives were able to access this riser from below, through the inter-floor riser grating.
What was discovered was a Wi-Fi hacking device, also known as a Wi-Fi “Man In The Middle” device, which fools Wi-Fi enabled laptops, phones, tablets etc. into connecting with it. This Wi-Fi hacking tool poses as a legitimate Wi-Fi connection by pretending to be a network similar to one the user’s device would normally connect to, for instance the user’s home or work network or, in this case, a work guest network.
Once connected, the victim’s device gets an internet connection via the Wi-Fi “Man In The Middle” device. However, all the data traffic that passes through the device is available to the eavesdropper to view or record for nefarious purposes, including stripping and recording of passwords, PIN numbers, SSL information, confidential personal information and screenshots of the websites and pages the victim’s device is accessing.
This attack was clearly a cyber-attack designed to harvest confidential information from unsuspecting user devices within the Client’s premises. These Wi-Fi (MITM) devices are openly sold on the internet via hacking websites.
QCC preserved the scene and evidence for later forensic analysis in our forensics laboratory. Full analysis was conducted by QCC’s Cyber Forensics team, and the Client, their legal team and security / IT team were supported with a cyber investigation, subsequent legal action and the implementation of security controls to mitigate this risk going forward.
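The signal that exposed this device, an access point broadcasting a name very similar to the Client’s guest network, can also be checked routinely against Wi-Fi survey data. The following is an added example, not QCC’s tooling: the SSID `ExampleFund-Guest`, the BSSIDs, the scan records and the 0.85 similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed inventory (all values made up): each SSID the organisation
# operates, with the BSSIDs (AP radio MAC addresses) deployed for it.
AUTHORIZED = {"ExampleFund-Guest": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}}

# Digit-for-letter swaps that make a network name look the same at a glance.
LOOKALIKES = str.maketrans("0135", "oles")

def normalize(ssid):
    """Case-fold, undo digit swaps and drop separators before comparing."""
    return re.sub(r"[^a-z0-9]", "", ssid.casefold().translate(LOOKALIKES))

def classify(ssid, bssid, threshold=0.85):
    """Return (verdict, matched_ssid) for one observed access point."""
    best, best_score = None, 0.0
    for known, bssids in AUTHORIZED.items():
        if ssid == known:
            verdict = "authorized" if bssid.lower() in bssids else "unknown-bssid"
            return verdict, known
        score = SequenceMatcher(None, normalize(ssid), normalize(known)).ratio()
        if score > best_score:
            best, best_score = known, score
    if best_score >= threshold:
        return "lookalike-ssid", best
    return "unrelated", None

def review(scan):
    """List suspicious access points, strongest signal (nearest) first."""
    findings = []
    for ap in scan:
        verdict, known = classify(ap["ssid"], ap["bssid"])
        if verdict in ("unknown-bssid", "lookalike-ssid"):
            findings.append((verdict, ap["ssid"], ap["bssid"], ap["rssi"], known))
    return sorted(findings, key=lambda f: f[3], reverse=True)

# Constructed survey results, in the shape a Wi-Fi scanner export might have.
SCAN = [
    {"ssid": "ExampleFund-Guest", "bssid": "02:00:00:AA:00:01", "rssi": -48},
    {"ssid": "ExampleFund_Guest", "bssid": "02:00:00:bb:00:09", "rssi": -61},
    {"ssid": "ExampleFund-Guest", "bssid": "02:00:00:cc:00:07", "rssi": -70},
    {"ssid": "CoffeeShop-WiFi", "bssid": "02:00:00:dd:00:03", "rssi": -80},
]

if __name__ == "__main__":
    for finding in review(SCAN):
        print(finding)
```

An allowlist match on BSSID is a triage signal rather than proof of legitimacy, so each finding still needs to be traced to a physical location, as was done in this case.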