Thursday, July 17, 2008

How the FARC hostages were rescued: a classic man-in-the-middle attack

From Schneier on Security:
Last week's dramatic rescue of 15 hostages held by the guerrilla organization FARC was the result of months of intricate deception on the part of the Colombian government. At the center was a classic man-in-the-middle attack.

In a man-in-the-middle attack, the attacker inserts himself between two communicating parties. Both believe they're talking to each other, and the attacker can delete or modify the communications at will.

The Wall Street Journal reported how this gambit played out in Colombia:
"The plan had a chance of working because, for months, in an operation one army officer likened to a 'broken telephone,' military intelligence had been able to convince Ms. Betancourt's captor, Gerardo Aguilar, a guerrilla known as 'Cesar,' that he was communicating with his top bosses in the guerrillas' seven-man secretariat. Army intelligence convinced top guerrilla leaders that they were talking to Cesar. In reality, both were talking to army intelligence."
This ploy worked because Cesar and his guerrilla bosses didn't know one another well. They didn't recognize one another's voices, and didn't have a friendship or shared history that could have tipped them off about the ruse. Man-in-the-middle is defeated by context, and the FARC guerrillas didn't have any.
Bruce Schneier goes on to explain the implications for internet security. However, I'd like to mention the implications for the war on Al-Qaeda. More so than the FARC, Al-Qaeda is a dispersed, loosely linked organization whose members don't know each other. That makes it the perfect target for a man-in-the-middle attack. If the CIA isn't already using it, they could really learn something from the FARC hostage rescue.
