An unauthorized interception of network traffic. The packets are viewed or modified by the perpetrator and sent on to the recipient, who is unaware of the intrusion. A man-in-the-middle attack can be used to intercept an encrypted message exchange and spoof the recipient into thinking the message is intact from a legitimate sender. In such a case, the attackers replace the public key from the original sender with their own public key in order to decrypt the message that will be sent back from the unsuspecting recipient. See replay attack, public key cryptography and ARP cache poisoning.
An attack in which a cracker intercepts data and replies to it, making it look as though the reply came from the intended recipient. A victim thus attacked might expose private data—such as credit card or bank account information—that can later be used to defraud the victim. Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004.