Nanny-in-the-Middle Attack

"Man-in-the-Middle" attacks occur in the "real" world, not just in computer security. In this case, it was a Nanny-in-the-Middle…
Security Notes from All Over: Man-in-the-Middle Attack

(from http://www.schneier.com/crypto-gram-0404.html#6)

The phrase "man-in-the-middle attack" is used to describe a computer attack
where the adversary sits in the middle of a communications channel
between two people, fooling them both. It is an important attack, and
causes all sorts of design considerations in communications protocols.

But it's a real-life attack, too. Here's a story of a woman who posts an ad
requesting a nanny. When a potential nanny responds, she asks for
references for a background check. Then she places another ad, using
the reference material as a fake identity. She gets a job with the good
references — they're real, although for another person — and then
robs the family who hires her. And then she repeats the process.

Look what's going on here. She inserts herself in the middle of a
communication between the real nanny and the real employer, pretending
to be one to the other. The nanny sends her references to someone she
assumes to be a potential employer, not realizing that it is a
criminal. The employer receives the references and checks them, not
realizing that they don't actually belong to the person who is sending
them.

It's a nasty piece of crime.

The San Francisco Chronicle carried the full story.
