Man in the Browser Attacks

T Dougan; K Curran

doi:10.4018/jaci.2012010103

Man in the Browser Attacks

T Dougan, K Curran

Research output: Contribution to journal › Article › peer-review

45 Citations (Scopus)

Abstract

Man-in-the-Browser attacks are a sophisticated new hacking technique associated with Internet crime, especially that which targets customers of Internet banking. The security community has been aware of them as such for time but they have grown in ability and success during that time. These attacks are a specialised version of Man-in-the-Middle attack, and operate by stealing authentication data and altering legitimate user transactions to benefit the attackers. This paper examines what Man-in-the-Browser attacks are capable of and how specific versions of the attack are executed, with reference to their control structure, data interaction techniques, and methods for circumventing security. Finally the authors discuss the effectiveness of counter-Man-in-the-Middle strategies, and speculate upon what these attacks tell us about the Internet environment.

Original language	English
Pages (from-to)	29-39
Journal	nternational Journal of Ambient Computing and Intelligence
Volume	4
Issue number	1
DOIs	https://doi.org/10.4018/jaci.2012010103
Publication status	Published (in print/issue) - 2 Jan 2012

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.4018/jaci.2012010103

Cite this

@article{427a68749251493ba7d5537a4b275624,

title = "Man in the Browser Attacks",

abstract = "Man-in-the-Browser attacks are a sophisticated new hacking technique associated with Internet crime, especially that which targets customers of Internet banking. The security community has been aware of them as such for time but they have grown in ability and success during that time. These attacks are a specialised version of Man-in-the-Middle attack, and operate by stealing authentication data and altering legitimate user transactions to benefit the attackers. This paper examines what Man-in-the-Browser attacks are capable of and how specific versions of the attack are executed, with reference to their control structure, data interaction techniques, and methods for circumventing security. Finally the authors discuss the effectiveness of counter-Man-in-the-Middle strategies, and speculate upon what these attacks tell us about the Internet environment.",

author = "T Dougan and K Curran",

year = "2012",

month = jan,

day = "2",

doi = "10.4018/jaci.2012010103",

language = "English",

volume = "4",

pages = "29--39",

journal = "nternational Journal of Ambient Computing and Intelligence",

issn = "1941-6245",

publisher = "IGI Global",

number = "1",

}

TY - JOUR

T1 - Man in the Browser Attacks

AU - Dougan, T

AU - Curran, K

PY - 2012/1/2

Y1 - 2012/1/2

N2 - Man-in-the-Browser attacks are a sophisticated new hacking technique associated with Internet crime, especially that which targets customers of Internet banking. The security community has been aware of them as such for time but they have grown in ability and success during that time. These attacks are a specialised version of Man-in-the-Middle attack, and operate by stealing authentication data and altering legitimate user transactions to benefit the attackers. This paper examines what Man-in-the-Browser attacks are capable of and how specific versions of the attack are executed, with reference to their control structure, data interaction techniques, and methods for circumventing security. Finally the authors discuss the effectiveness of counter-Man-in-the-Middle strategies, and speculate upon what these attacks tell us about the Internet environment.

AB - Man-in-the-Browser attacks are a sophisticated new hacking technique associated with Internet crime, especially that which targets customers of Internet banking. The security community has been aware of them as such for time but they have grown in ability and success during that time. These attacks are a specialised version of Man-in-the-Middle attack, and operate by stealing authentication data and altering legitimate user transactions to benefit the attackers. This paper examines what Man-in-the-Browser attacks are capable of and how specific versions of the attack are executed, with reference to their control structure, data interaction techniques, and methods for circumventing security. Finally the authors discuss the effectiveness of counter-Man-in-the-Middle strategies, and speculate upon what these attacks tell us about the Internet environment.

U2 - 10.4018/jaci.2012010103

DO - 10.4018/jaci.2012010103

M3 - Article

SN - 1941-6245

VL - 4

SP - 29

EP - 39

JO - nternational Journal of Ambient Computing and Intelligence

JF - nternational Journal of Ambient Computing and Intelligence

IS - 1

ER -

Man in the Browser Attacks

Abstract

UN SDGs

Access to Document

Fingerprint

Cite this