How to Cut Off a Man-in-the-Middle Attacker
Oh dear, it seems like you might have encountered a "Man-in-the-Middle" (or MitM) attack. Don't fret! This guide will walk you through, in plain language, how to recognise such an attack, cut the attacker off and clean up afterwards.
If you suspect a Man-in-the-Middle attack, the very first thing you should do is disconnect from the internet. This can help stop the attacker from doing more harm while you figure out your next steps.
Recognising a Man-in-the-Middle Attack
A Man-in-the-Middle attack is a bit like someone secretly listening in on your private conversations or even pretending to be one of the people you're talking to. The attacker places themselves between you and the website or service you're trying to reach, intercepting your information. It's often hard to spot, but there are some tell-tale signs.
- Unexpected security warnings from your browser when visiting a familiar website, for example that the site's certificate isn't trusted or doesn't match its name. Don't click past these; they are exactly the warning a MitM attack triggers.
- Website addresses (URLs) that look slightly wrong, or that start with "http://" instead of "https://" (no padlock) on a site that is normally secure.
- Pages that suddenly take much longer to load than usual for no obvious reason. On its own this proves little, but together with the signs above it's worth a second look.
- Being asked to sign in again, or to re-enter card or password details, on a site that normally keeps you logged in, especially while you're on a public Wi-Fi network that didn't need a password to join.
Disconnect Immediately
If you suspect an attack, your immediate priority is to sever the connection with the potentially compromised network. This is like pulling the plug on a phone call if you think someone else is listening in. Don't just close your browser; completely disconnect from the internet.
- **For Wi-Fi:** Turn off your Wi-Fi directly on your device (laptop, phone, tablet). On most devices, you can find this in your "Settings" or by swiping down from the top of your screen to access quick settings.
- **For Wired Connections:** Unplug the Ethernet cable from your computer or laptop.
Remove Rogue Trust Certificates
Sometimes an attacker tries to make their fake connection look genuine by getting a 'root certificate' of their own installed on your device. Your device keeps a list of certificate authorities it trusts, and once the attacker's certificate is on that list your browser will accept the attacker's fake copies of any website without showing a warning. It's important to remove any certificate you didn't intentionally install. One word of caution: your device comes with dozens of legitimate certificate authorities whose names you won't recognise, and deleting one of those can break websites and apps. Only remove certificates you (or your workplace) didn't add, and if you're unsure, compare the list with a device you know is clean. This can be a bit technical, but we'll guide you through it in plain English.
- **On Windows:** Go to "Start", type "certmgr.msc" and press Enter. This opens the certificate store for your own user account, which is where a certificate installed without administrator rights (the usual case for something slipped in over Wi-Fi) ends up. Look under "Trusted Root Certification Authorities" > "Certificates" and "Intermediate Certification Authorities" for anything you didn't add; checking the "Issued To" and "Issued By" columns for odd names, and sorting by "Expiration Date", helps. Right-click a rogue entry and choose "Delete". To check the computer-wide store as well, run "certlm.msc" (administrator rights needed).
- **On macOS:** Open "Keychain Access" (press Command + Space and type "Keychain Access"). The "System Roots" keychain is Apple's built-in list and can't be edited, so anything suspicious will be in the "login" or "System" keychain instead. Select one of those, click the "Certificates" category and look for entries you didn't add; a certificate whose trust settings have been changed by hand shows a small blue circle with a white plus on its icon. Right-click a rogue entry and choose "Delete".
- **On Android:** Go to `Settings` > `Security` > `Encryption & credentials` > `Trusted credentials`, then open the `User` tab (the exact menu names vary between makes and Android versions). Android keeps anything you or an app installed separate from the built-in system list, so this tab should be empty unless you added something yourself. Remove any certificate you don't recognise, and check `User credentials` in the same menu too.
- **On iOS:** Go to `Settings` > `General` > `VPN & Device Management`. If there are any configuration profiles you don't recognise, tap on them and choose `Remove Profile`. Then go to `Settings` > `General` > `About` > `Certificate Trust Settings`; any root certificate listed there that you didn't add should have its trust toggle turned off.
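If you're comfortable with a command line, the check above can be partly automated. The Python script below is an added example and not part of the original guide: it lists the certificate authorities trusted by your computer's Python/OpenSSL build, and flags any that are missing from a baseline you saved earlier from a clean device, or whose issue date is only weeks old (public roots are normally years old, a freshly generated attacker's CA is not). It uses only the standard library. The baseline file format, the `--dump` flag, the `RECENT_DAYS` heuristic and the two sample certificates are constructed for illustration. What `get_ca_certs()` returns depends on your platform and Python build, and browsers such as Firefox keep their own store, so treat the output as a starting point for the manual checks above rather than a replacement for them.

```python
"""Audit the CA certificates this machine trusts against a known-good baseline.

Added example for the "Remove Rogue Trust Certificates" step; not from the
original guide. Standard library only. The baseline file format, --dump flag
and sample certificates are constructed for illustration.
"""
import ssl
import sys
import time

RECENT_DAYS = 90  # heuristic: public roots are years old, an attacker's CA usually isn't


def name_to_dict(name):
    """Flatten the ssl-module name tuple ((('commonName', 'X'),), ...) into a dict."""
    return {attr: value for rdn in name for attr, value in rdn}


def summarise(cert):
    """Pull the fields we care about out of one SSLContext.get_ca_certs() entry."""
    subject = name_to_dict(cert["subject"])
    issuer = name_to_dict(cert["issuer"])
    return {
        "cn": subject.get("commonName") or subject.get("organizationName", "<no name>"),
        "issuer_cn": issuer.get("commonName") or issuer.get("organizationName", "<no name>"),
        "serial": cert.get("serialNumber", ""),
        "not_before": ssl.cert_time_to_seconds(cert["notBefore"]),
        "self_signed": cert["subject"] == cert["issuer"],
    }


def audit(certs, baseline, now=None, recent_days=RECENT_DAYS):
    """Return [(summary, reasons)] for each CA that deserves a closer look.

    baseline is a set of (commonName, serialNumber) pairs captured from a device
    you trust. Roots are self-signed by design, so that alone is not a reason;
    being absent from the baseline, or having a notBefore only weeks old, is.
    """
    now = time.time() if now is None else now
    findings = []
    for cert in certs:
        s = summarise(cert)
        reasons = []
        if (s["cn"], s["serial"]) not in baseline:
            reasons.append("not in baseline")
        if now - s["not_before"] < recent_days * 86400:
            reasons.append("issued within the last %d days" % recent_days)
        if reasons:
            findings.append((s, reasons))
    return findings


def system_cas():
    """CAs trusted by this Python's OpenSSL (may differ from your browser's own store)."""
    return ssl.create_default_context().get_ca_certs()


def load_baseline(path):
    """Read 'serial<TAB>commonName' lines as written by --dump; missing file -> empty set."""
    baseline = set()
    try:
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                serial, _, cn = line.rstrip("\n").partition("\t")
                if cn:
                    baseline.add((cn, serial))
    except FileNotFoundError:
        pass
    return baseline


# Constructed sample entries in the exact shape get_ca_certs() returns: a long-lived
# public-style root that is in the baseline, and a freshly minted CA that is not.
_ROOT_NAME = ((("countryName", "AU"),), (("organizationName", "Example Trust Services"),),
              (("commonName", "Example Root CA"),))
_ROGUE_NAME = ((("commonName", "Free Wi-Fi Gateway CA"),),)
SAMPLE_CERTS = [
    {"subject": _ROOT_NAME, "issuer": _ROOT_NAME, "version": 3, "serialNumber": "01",
     "notBefore": "Nov 10 00:00:00 2006 GMT", "notAfter": "Nov 10 00:00:00 2031 GMT"},
    {"subject": _ROGUE_NAME, "issuer": _ROGUE_NAME, "version": 3, "serialNumber": "1A2B3C",
     "notBefore": "Mar  1 12:00:00 2024 GMT", "notAfter": "Mar  1 12:00:00 2034 GMT"},
]
SAMPLE_BASELINE = {("Example Root CA", "01")}
SAMPLE_NOW = ssl.cert_time_to_seconds("Apr 15 00:00:00 2024 GMT")  # fixed "today" for the demo


def demo():
    """Run the audit over the constructed sample data; only the rogue CA is reported."""
    return audit(SAMPLE_CERTS, SAMPLE_BASELINE, now=SAMPLE_NOW)


def main(argv):
    if "--dump" in argv:  # run this on a clean device and keep the output as your baseline
        for s in map(summarise, system_cas()):
            print("%s\t%s" % (s["serial"], s["cn"]))
        return 0
    baseline = load_baseline(argv[1]) if len(argv) > 1 else set()
    for s, reasons in audit(system_cas(), baseline):
        signer = "self-signed" if s["self_signed"] else "issued by %s" % s["issuer_cn"]
        print("CHECK  %-40s %s (%s)" % (s["cn"], "; ".join(reasons), signer))
    return 0


if __name__ == "__main__":
    raise SystemExit(main(sys.argv))
```

Save the `--dump` output from a device you trust as `baseline.tsv`, then run `python audit_cas.py baseline.tsv` on the device you're worried about; every line marked CHECK is a certificate to look up by name in the store for your operating system before deciding whether to delete it. Anything that is both missing from the baseline and issued recently is the strongest candidate for a rogue certificate.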
Change All Your Passwords
Once you've disconnected and removed any rogue certificates, it's crucial to change all your important passwords. This is because the attacker might have captured them when they were intercepting your connection. Think of it like changing your locks after a break-in, just in case they made a copy of your keys.
- Start with your most critical accounts: email, banking, social media, and any services that store your credit card information.
- Use a strong, unique password for each account. A password manager can be a fantastic tool to help you with this.
- If you were logged in to any sites during the attack, sign out of all sessions as well (many services have a "sign out everywhere" or "active sessions" option), so that any login tokens the attacker captured stop working. If you use two-factor authentication (2FA), check that no unfamiliar phone numbers or authenticator devices have been added to your accounts, and prefer an authenticator app or a security key over SMS codes, which an attacker sitting in the middle can relay in real time.
Update Your Software and Run a Scan
Finally, make sure all your software is up-to-date and run a full security scan. Software updates often include security patches that fix vulnerabilities attackers might exploit. A thorough scan can help ensure no lingering malware was installed during the attack.
- Update your operating system (Windows, macOS, Android, iOS), web browser, and any security software (antivirus/antimalware).
- Run a full scan with your trusted antivirus or anti-malware software to check for and remove any unwanted programs.
Key takeaway
Dealing with a Man-in-the-Middle attack can be unnerving, but by following these steps, you can effectively cut off the attacker, secure your devices, and protect your personal information. Always remember to be vigilant about your online surroundings and trust your instincts if something feels off. Stay safe online!