A man-on-the-side attack is a form of active attack in computer security similar to a man-in-the-middle attack. Instead of completely controlling a network node as in a man-in-the-middle attack, the attacker only has regular access to the communication channel, which allows him to read the traffic and insert new messages, but not to modify or delete messages sent by other participants. The attacker relies on a timing advantage to make sure that the response he sends to the request of a victim arrives before the legitimate response.
In real-world attacks, the response packet sent by the attacker can be used to place malware on the victim's computer.[1] The need for a timing advantage makes the attack difficult to execute, as it requires a privileged position in the network, for example on the internet backbone.[2] Potentially, this class of attack may also be performed within a local network (assuming a privileged position); research has shown that it has been successful within critical infrastructure.[3]
The 2013 global surveillance disclosures revealed that the US National Security Agency (NSA) widely uses a man-on-the-side attack to infect targets with malware through its QUANTUM program.[1]
GitHub suffered such an attack in 2015.[4] The Russian Threat Group might have suffered a similar attack in 2019.
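Because the attacker can insert messages but cannot delete the legitimate one, the victim's side of the network sees two responses competing for the same position in the stream. The following detection sketch is an added example, not taken from any of the cited sources: it flags TCP segments in one flow direction whose overlapping sequence ranges carry different bytes. The `Segment` record, the function name and the sample traffic are assumptions constructed for illustration, and sequence-number wraparound is ignored.

```python
from collections import defaultdict
from typing import NamedTuple

class Segment(NamedTuple):
    ts: float        # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    seq: int         # TCP sequence number of the first payload byte
    payload: bytes

def find_conflicting_segments(segments):
    """Return (earlier, later) pairs from one flow direction whose
    overlapping sequence ranges carry different bytes."""
    seen = defaultdict(list)   # flow 4-tuple -> data segments seen so far
    alerts = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if not seg.payload:
            continue  # pure ACKs have nothing to compare
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        for prev in seen[flow]:
            lo = max(prev.seq, seg.seq)
            hi = min(prev.seq + len(prev.payload), seg.seq + len(seg.payload))
            # A benign retransmission repeats the same bytes; a raced
            # response puts different bytes at the same sequence offsets.
            if lo < hi and (prev.payload[lo - prev.seq:hi - prev.seq]
                            != seg.payload[lo - seg.seq:hi - seg.seq]):
                alerts.append((prev, seg))
        seen[flow].append(seg)
    return alerts

# Constructed sample traffic (documentation addresses, not a real capture).
SAMPLE = [
    # Two different responses claim the same sequence number: the race.
    Segment(0.010, "198.51.100.7", 80, "192.0.2.10", 51000, 1000,
            b"HTTP/1.1 302 Found\r\nLocation: http://other.example/\r\n\r\n"),
    Segment(0.045, "198.51.100.7", 80, "192.0.2.10", 51000, 1000,
            b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    # Benign retransmission on another connection: same bytes, no alert.
    Segment(0.100, "198.51.100.7", 80, "192.0.2.11", 51001, 5000, b"HTTP/1.1 200 OK\r\n"),
    Segment(0.300, "198.51.100.7", 80, "192.0.2.11", 51001, 5000, b"HTTP/1.1 200 OK\r\n"),
]

if __name__ == "__main__":
    for first, later in find_conflicting_segments(SAMPLE):
        print(f"conflict at seq {later.seq}: {first.payload[:18]!r} then {later.payload[:15]!r}")
```

The gap between the two capture times in an alert is the timing advantage the winning response had over the other.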