April 20, 2004

Man in the Middle

Donald Sensing's useful primer on coded speech is marred by one small fact. The Western Union example is readily replicable with email. In fact, it's probably very easy to do.

E-mail is what is known as 'store and forward' technology and is usually sent in plain text. What the FBI did to the Western Union telegram, substituting deceased for dead in the original, is called a man-in-the-middle attack and is a well known method of assaulting a communication. If you suspect coded speech is being used, creating a program that takes messages and changes a few words here and there using a thesaurus and synonyms would not be too difficult a technical task. And the nature of e-mail over the Internet is that it's not instantaneous or even timed transmission. A delay of a few seconds wouldn't be noticed.

No, Rev. Sensing isn't right when he says such attacks are mostly historical and that we wouldn't have much opportunity to replicate them in today's counter-intelligence environment. In fact, there's probably more opportunity today than any other time in history for the man-in-the-middle to make a muddle of codes and one time pads.

Posted by TMLutas at April 20, 2004 12:38 PM