Data Interception Attacks
Attack Pattern ID: 117 (Standard Attack Pattern Completeness: Stub)Typical Severity: MediumStatus: Draft
+ Description


An attacker monitors data streams to or from a target in order to gather information. This attack may be undertaken to gather information to support a later attack or the data collected may be the end goal of the attack. This attack usually involves sniffing network traffic, but may include observing other types of data streams, such as radio. In most varieties of this attack, the attacker is passive and simply observes regular communication, however in some variants the attacker may attempt to initiate the establishment of a data stream or influence the nature of the data transmitted. However, in all variants of this attack, and distinguishing this attack from other data collection methods, the attacker is not the intended recipient of the data stream. Unlike some other data leakage attacks, the attacker is observing explicit data channels (e.g. network traffic) and reading the content. This differs from attacks that collect more qualitative information, such as communication volume, or other information not explicitly communicated via a data stream.

+ Attack Prerequisites

All targets that transmit information over a network is potentially vulnerable to this attack.

+ Resources Required

The attacker must have the necessary technology to intercept information passing between the nodes of a network. For TCP/IP, the capability to run tcpdump, ethereal, etc. can be useful. Depending upon the data being targeted the technological requirements will change.

+ Related Weaknesses
CWE-IDWeakness NameWeakness Relationship Type
311Missing SecurityDatabase\Encrypt\Encryption of Sensitive DataTargeted
+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfCategoryCategory118Data Leakage Attacks 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern31Accessing/Intercepting/Modifying HTTP Cookies 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern157Sniffing Attacks 
Mechanism of Attack (primary)1000