How are non-encrypted Internet communications intercepted?

Just came across this question on Quora with some great answers I'd like to share with you.

Here's one of the answers -

By Pawan Shivarkar

Sniffing: Unencrypted information passed over public airwaves can be captured and reassembled into usable information like passwords or cookies. Encryption helps, but some forms of encryption, especially older protocols like WEP, are so easy to crack at this point that they present only a minimum barrier to hackers. Mounting a sniffing attack requires almost no technical expertise on the part of the bad guys. Browser plug-ins and apps from popular app stores can turn a laptop or cell phone into a sniffer and a more powerful dedicated sniffing device can be purchased at a low cost at almost any electronics store.

Rogue Access Points: This simple form of 'man-in-the-middle' attack is predicated on the fact that you do not really know what you are connecting to when you log on to a public hotspot. Let's say you go to Starbucks and see that there are two public networks available: 'Starbucks' and 'Starbucks Laptop Optimized.' The latter has a stronger signal and it's optimized for your laptop -- great, connect to that! But what have you just accessed?

To set up a rogue access point, all the attacker does is configure their laptop or device to act as a soft access point with an innocuous name as in the example above, creating a bridge between the victim and the real access point. From the victim side, everything looks fine -- they're connected to the Internet and it's business as usual. But every bit of information, password or access code, is captured by the attacker. If the information is unencrypted, it is immediately compromised. Even encrypted information is transmitted and, depending on the level and complexity of encryption, may be easily decoded.

Evil Twin Attacks: This is a variant of the Rogue Access Point. Computers and cell phones generally store previously accessed networks so that they can automatically connect next time you are near the network. The bad guy can capture and broadcast an identical network name and trick the victim's machine into connecting to the evil twin, while appearing to be connected to the legitimate hub instead. Then, as with a Rogue Access Point attack, all of the user's information flows directly into the attacker's device. Setting up an evil twin attack is low-cost and requires minimal technical knowledge.
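The rogue-AP and evil-twin scenarios in the answer above have a cheap defensive counterpart: look at what a scan actually shows before joining. The script below is an added example written for this page, not code from the Quora answer or from any product. It runs over constructed scan rows (hypothetical BSSIDs; the SSID names mirror the Starbucks scenario) in the shape that `iw dev wlan0 scan` or airodump-ng output is usually reduced to, and flags the patterns an evil twin tends to leave: one SSID served from BSSIDs of more than one vendor prefix, one SSID advertised both open and encrypted (a downgrade twin), a name that merely extends a visible SSID, and, if you have a trusted baseline of your real APs' OUIs, any BSSID outside it.

```python
"""Flag likely rogue / evil-twin access points in a Wi-Fi scan listing."""
from collections import defaultdict

# Constructed scan rows (ssid, bssid, channel, security). The BSSIDs are
# hypothetical; the names mirror the Starbucks scenario in the answer above.
SCAN = [
    ("Starbucks",                  "00:11:22:33:44:01", 6,  "OPEN"),
    ("Starbucks",                  "00:11:22:33:44:02", 11, "OPEN"),
    ("Starbucks",                  "de:ad:be:ef:00:01", 1,  "OPEN"),  # other vendor prefix
    ("Starbucks Laptop Optimized", "de:ad:be:ef:00:02", 1,  "OPEN"),  # look-alike name
    ("HomeNet",                    "aa:bb:cc:dd:ee:01", 36, "WPA2"),
    ("HomeNet",                    "aa:bb:cc:dd:ee:02", 36, "OPEN"),  # same name, no encryption
    ("Guest",                      "aa:bb:cc:dd:ee:03", 1,  "OPEN"),
]


def oui(bssid):
    """Vendor prefix (first three octets) of a BSSID, lower-cased."""
    return bssid.lower()[:8]


def find_suspicious(scan, baseline=None):
    """Return {ssid: sorted reasons} for SSIDs that look like rogue/evil twins.

    Heuristics, each independent:
      * one SSID advertised by BSSIDs from more than one vendor prefix
      * one SSID advertised both open and encrypted (a downgrade twin)
      * an SSID whose name merely extends another visible SSID
      * with `baseline` ({ssid: set of OUIs the real APs use}), any other OUI
    None of these is proof on its own; they are what an operator should check.
    """
    by_ssid = defaultdict(list)
    for ssid, bssid, chan, sec in scan:
        by_ssid[ssid].append((bssid, chan, sec))

    findings = defaultdict(set)
    for ssid, aps in by_ssid.items():
        ouis = {oui(b) for b, _, _ in aps}
        secs = {s for _, _, s in aps}
        if len(ouis) > 1:
            findings[ssid].add("advertised from %d vendor prefixes" % len(ouis))
        if "OPEN" in secs and len(secs) > 1:
            findings[ssid].add("open and encrypted BSSIDs share this SSID")
        if baseline and ssid in baseline and ouis - baseline[ssid]:
            findings[ssid].add("BSSID outside baseline: "
                               + ", ".join(sorted(ouis - baseline[ssid])))
        for other in by_ssid:
            if other != ssid and other.lower().startswith(ssid.lower() + " "):
                findings[other].add("name extends %r" % ssid)
    return {s: sorted(r) for s, r in findings.items()}


if __name__ == "__main__":
    # Baseline is hypothetical: pretend the venue's real APs all use 00:11:22.
    for ssid, reasons in find_suspicious(SCAN, {"Starbucks": {"00:11:22"}}).items():
        print(ssid, "->", "; ".join(reasons))
```

The vendor-prefix check is the weakest of the four (an attacker can clone a BSSID outright), which is why the baseline comparison is worth keeping for networks you administer; for a hotspot you do not control, the practical answer is still the one the answer implies: treat anything on an open SSID as readable by whoever runs the radio.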

Another one -

By Peea Moselane

The best way will be to use a network sniffer for intercepting Internet communications. This is how a network sniffer works. A sniffer is a combination of hardware and software. Different sniffers may have various configurations depending on their design and final usage, but basically a sniffer is composed of four parts:

Hardware: Most sniffing products can work with standard adapters. Some sniffers only support Ethernet or wireless adapters, whereas others support multiple adapters and allow customization. If you plan to install a sniffer on your computer, you should be sure what type of adapter you have and what type of adapter the sniffer requires.

Driver program: This is the core component of a sniffer. Each sniffing product has its own driver program; only after completing its installation can a sniffer start to capture traffic and data from the network.

Buffer: A buffer is a storage area for data captured from the network. In general, there are two buffer modes: keep capturing until the storage space is full, or keep capturing and overwriting, with the latest captured data replacing the oldest. The size of a buffer depends on the computer's EMS memory. This means that the bigger the EMS memory is, the more data can be stored in the buffer.

Packet analysis: Capture and analysis are both the most basic and the most important features of a sniffer. Most sniffing products can provide real-time analysis of captured packets, which is the main reason why they are important tools for network engineers. They record errors and abnormalities while they are happening.

Some advanced sniffing products (like Colasoft's Capsa Enterprise sniffer) are able to replay the contents of captured packets. These advanced sniffers may even allow you to edit the contents and retransmit the packets to the network.

One more -

By Andrew Daviel

Communications can be intercepted at the endpoints or in the middle. At an endpoint is easiest - you just run a packet capture program. Wireshark can capture traffic from ethernet (wired and wireless) and USB devices (e.g. USB to RS232) and probably other channels. Other variants (tshark, tcpdump) will run headless (with no graphics). If the communication protocol is well documented (SMTP or IMAP for email, HTTP for web), it's easy; the data drops right out. You can regenerate the original data in its entirety - recreate mail messages or SIP phone conversations, for instance. It would also be possible to intercept system calls in the OS before they reach the network, or to intercept data from the communication program itself by replacing it with a hacked version (which could also intercept supposedly secure end-to-end encrypted traffic; I have seen a trojaned SSH server in the wild).

If a part of the link is an open wifi network (or one using WEP or WPA2 with a known or crackable key), it's also easy (though for WPA2 you need to capture the link setup sequence to get the session key; you can't just start in the middle). If you have access to a wired router in the middle, as the NSA is reputed to have, then you can capture packets by mirroring a router port, or by attaching a tap to a communication link (I believe this is possible for optical fibre as well as copper wire).

If you can't do that because you don't have access to a portion of the route, you can change the routing so that you do have access. For instance, you can hack a DHCP server to redirect DNS or routing to your own network, hack a DNS server to redirect DNS directly, or hack BGP and change the routing. The most impressive demo I have seen was at DEFCON where a BGP attack on the hotel redirected the traffic for a whole conference full of hackers without most of them noticing. Instead of going from the internet to the hotel, it went first to the presenter's network and then to the hotel.

(In the book Blind Man's Bluff: The Untold Story…, an espionage attack on Soviet communications is described where a US submarine placed an induction tap on an undersea cable in the Black Sea, which at that time carried non-encrypted military traffic between Soviet bases)
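The second answer describes a sniffer's capture buffer and packet analysis in the abstract, and the third answer makes the concrete point that for a documented protocol like HTTP "the data drops right out". The following is an added example for this page, not code from either answer or from Wireshark; it shows that claim end to end in plain Python with no capture library. It first builds a small pcap image in memory from constructed Ethernet/IPv4/TCP frames (hypothetical hosts 10.0.0.5, 198.51.100.7 and 198.51.100.9; checksums left zero, which a passive sniffer never needs to verify), then does what a sniffer does: walks the pcap record by record, decodes the headers, reassembles each TCP flow by sequence number (the POST is deliberately split mid-body and its second segment appears first in the capture), and pulls out an HTTP Basic credential, a session cookie and a form-encoded password. Feed it a real capture from `tcpdump -w` instead of `CAPTURE` and the same functions apply; its deliberate limits are IPv4 only, no IP or TCP options beyond the header-length fields, and no handling of overlapping or missing segments.

```python
"""Walk a pcap, reassemble TCP payloads, and pull cleartext HTTP credentials."""
import base64
import struct
from collections import defaultdict
from urllib.parse import parse_qs


# ---- constructed capture (synthetic frames, hypothetical hosts) --------------
def _ip(a):
    return bytes(int(x) for x in a.split("."))


def build_frame(src, dst, sport, dport, seq, payload):
    """Ethernet/IPv4/TCP frame. Checksums stay zero: test data only."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     _ip(src), _ip(dst)) + tcp
    return b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip


def build_pcap(frames):
    """Little-endian pcap, microsecond timestamps, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


REQ1 = (b"GET /account HTTP/1.1\r\nHost: bank.example\r\n"
        b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n"
        b"Cookie: session=abc123\r\n\r\n")
BODY = b"user=bob&password=s3cret&remember=1"
REQ2 = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n"
        b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY)
CUT = len(REQ2) - 14                      # split the POST mid-body into two segments
ARP_FRAME = b"\x02\x00\x00\x00\x00\x02" * 2 + b"\x08\x06" + b"\x00" * 28  # non-IP frame

CAPTURE = build_pcap([
    build_frame("10.0.0.5", "198.51.100.7", 51000, 80, 1000, REQ1),
    build_frame("10.0.0.5", "198.51.100.9", 51001, 80, 2000 + CUT, REQ2[CUT:]),  # 2nd half first
    build_frame("10.0.0.5", "198.51.100.9", 51001, 80, 2000, REQ2[:CUT]),
    build_frame("198.51.100.7", "10.0.0.5", 80, 51000, 5000, b"HTTP/1.1 200 OK\r\n\r\n"),
    ARP_FRAME,
])


# ---- the sniffer side --------------------------------------------------------
def iter_packets(pcap):
    """Yield raw link-layer frames from a pcap file image (bytes)."""
    magic, = struct.unpack_from("<I", pcap)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian, microsecond pcap handled here")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl, _orig = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl]
        off += incl


def parse_tcp(frame):
    """(src, sport, dst, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    t = 14 + ihl                                   # TCP header start
    if len(frame) < t + 20:
        return None
    sport, dport, seq = struct.unpack_from("!HHI", frame, t)
    doff = (frame[t + 12] >> 4) * 4
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    return src, sport, dst, dport, seq, frame[t + doff:14 + total_len]


def reassemble(pcap):
    """{(src, sport, dst, dport): stream bytes}, segments ordered by seq number.
    Keyed by seq, so an exact retransmit overwrites instead of duplicating."""
    flows = defaultdict(dict)
    for frame in iter_packets(pcap):
        p = parse_tcp(frame)
        if p and p[5]:
            src, sport, dst, dport, seq, payload = p
            flows[(src, sport, dst, dport)][seq] = payload
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in flows.items()}


METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ")


def extract_http_secrets(pcap):
    """One record per client->server HTTP request with the credentials it carried."""
    found = []
    for (src, sport, dst, dport), data in reassemble(pcap).items():
        if dport != 80 or not data.startswith(METHODS):
            continue
        head, _, body = data.partition(b"\r\n\r\n")
        lines = head.split(b"\r\n")
        headers = {}
        for line in lines[1:]:
            k, _, v = line.partition(b":")
            headers[k.strip().lower()] = v.strip()
        item = {"client": src, "server": dst, "request": lines[0].decode(errors="replace")}
        auth = headers.get(b"authorization", b"")
        if auth.lower().startswith(b"basic "):
            item["basic_auth"] = base64.b64decode(auth[6:]).decode(errors="replace")
        if b"cookie" in headers:
            item["cookie"] = headers[b"cookie"].decode(errors="replace")
        if b"content-length" in headers:
            body = body[:int(headers[b"content-length"])]
        if headers.get(b"content-type", b"").startswith(b"application/x-www-form-urlencoded"):
            item["form"] = {k: v[0] for k, v in parse_qs(body.decode(errors="replace")).items()}
        found.append(item)
    return found


if __name__ == "__main__":
    for rec in extract_http_secrets(CAPTURE):
        print(rec)
```

The same extraction in the tools the answer names is a one-liner, for instance `tshark -r capture.pcap -Y http.authorization -T fields -e ip.src -e http.authorization`; the point of spelling it out by hand is that nothing here needed a key, a vulnerability or more than the packet format, which is exactly what "unencrypted" buys an attacker sitting anywhere on the path.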


You can learn more from