Following a comment by one of our valued readers, Patrick, I decided to write an article about Sniffing because the subject is way too broad to discuss via comments.

Patrick mentioned an event which happened recently. A Chinese Telecommunications company redirected 15% of the world’s internet routes through its system. It’s impossible to say whether this was a mistake or done intentionally. Once the traffic was routed through their system the Chinese company had the ability to look at all the data and even keep a copy of it. We of course have no way to know what operations were run on the data, if any.

This is obviously worrisome as such attacks can be used for industrial or military espionage. It is however very important to realise that network sniffing (the act of spying on data traffic) is not something new and is not a threat that is posed solely by large telecommunications companies either.

Before this incident there was the alleged project Echelon. The project's initial target was spying on Russia during the Cold War. It was allegedly expanded later to monitor possible terrorist activities, drugs and other criminal activities. In the 1990s, however, journalists claimed that project Echelon was being used for industrial espionage by the United States.

Governments are not the only entities that can spy on your network. Anyone along the route between you and your destination can set up a sniffer and spy on the data travelling through that pipe. This is especially effective at the ISP, where all of a customer's traffic is guaranteed to pass. It doesn't have to be an inside job at the ISP either; if a hacker can get access to any machine within that network segment, even remotely, he can install a sniffer or even redirect the traffic. This can obviously be achieved fully transparently, without the victim realising.

Even worse is when a satellite internet provider is along the route, because in such cases your data will be broadcast to a large geographical area where anyone equipped with a simple, cheap satellite card can easily sniff all the traffic, which in case of satellite systems is generally not encrypted.

The spying threat also exists within the company itself. Disgruntled employees can easily run sniffers inside your local network. The range of the data they can sniff is limited by the network design; however, there are attacks that could potentially allow an attacker to modify routes and so widen that scope. A successful sniffing attack on an internal network could steal a lot of important information, from confidential documents to emails. A clever attacker could also record the traffic sent to a printer and replay it to another printer, obtaining a copy of whatever the victim printed.

In any case the solution is similar:

  • Whenever possible use strong encryption.
  • To protect against internal sniffing, protection against ARP (Address Resolution Protocol) poisoning is a must.
  • VPNs and other encrypted tunnelling systems can also be an effective defence against sniffing.
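The ARP poisoning defence mentioned above usually starts with detection: a host or a monitoring box watches ARP replies and raises an alarm when an IP address suddenly answers from a different MAC, or when a single MAC starts answering for several IPs (the pattern an attacker produces when impersonating the gateway and its victims at once). The script below is an added example written for this article, not code from the original post or from any particular product. It reads ARP reply lines in the format tcpdump prints with `-n`; the sample lines, the 192.0.2.0/24 addresses, the locally administered MACs and the "two IPs per MAC" threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in tcpdump's "-n" ARP reply format; not a real capture.
# Addresses use the documentation range 192.0.2.0/24 and locally administered MACs.
SAMPLE_LINES = [
    "12:00:00.000000 ARP, Reply 192.0.2.1 is-at 02:00:00:00:00:01, length 28",   # gateway
    "12:00:00.500000 ARP, Reply 192.0.2.10 is-at 02:00:00:00:00:10, length 28",
    "12:00:01.000000 ARP, Reply 192.0.2.11 is-at 02:00:00:00:00:11, length 28",
    "12:00:01.200000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28",  # ignored
    "12:00:05.000000 ARP, Reply 192.0.2.1 is-at 02:00:00:00:00:66, length 28",   # gateway binding flips
    "12:00:05.100000 ARP, Reply 192.0.2.10 is-at 02:00:00:00:00:66, length 28",  # same MAC claims a host
    "12:00:05.200000 ARP, Reply 192.0.2.11 is-at 02:00:00:00:00:66, length 28",  # and another one
]

REPLY_RE = re.compile(r"^(\S+) ARP, Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9a-fA-F:]{17})")


def parse_reply(line):
    """Return (timestamp, ip, mac) for an ARP reply line, or None for anything else."""
    m = REPLY_RE.match(line)
    if not m:
        return None
    ts, ip, mac = m.groups()
    return ts, ip, mac.lower()


class ArpMonitor:
    """Learns IP->MAC bindings from ARP replies and reports two poisoning symptoms:
    an IP whose MAC changes, and one MAC answering for more IPs than expected."""

    def __init__(self, max_ips_per_mac=2):
        # Assumption for this example: a legitimate host rarely answers for more than 2 IPs.
        self.max_ips_per_mac = max_ips_per_mac
        self.ip_to_mac = {}
        self.mac_to_ips = defaultdict(set)
        self.alerts = []

    def observe(self, ts, ip, mac):
        """Record one ARP reply; return the list of alerts it triggered (possibly empty)."""
        new_alerts = []
        known = self.ip_to_mac.get(ip)
        if known is None:
            self.ip_to_mac[ip] = mac  # first sighting: learn the binding
        elif known != mac:
            # Binding flipped: the classic sign of a poisoned ARP cache.
            new_alerts.append({"ts": ts, "kind": "mac-change", "ip": ip, "old": known, "new": mac})
            self.ip_to_mac[ip] = mac  # follow the new claim so a flip back is reported too
        self.mac_to_ips[mac].add(ip)
        if len(self.mac_to_ips[mac]) == self.max_ips_per_mac + 1:
            # Fires once, the moment this MAC first exceeds the expected number of IPs.
            new_alerts.append({"ts": ts, "kind": "many-ips", "mac": mac,
                               "ips": sorted(self.mac_to_ips[mac])})
        self.alerts.extend(new_alerts)
        return new_alerts


def scan(lines, max_ips_per_mac=2):
    """Feed tcpdump-style lines through an ArpMonitor and return every alert raised."""
    monitor = ArpMonitor(max_ips_per_mac)
    for line in lines:
        parsed = parse_reply(line)
        if parsed:
            monitor.observe(*parsed)
    return monitor.alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LINES):
        print(alert)
```

On the sample data the monitor raises three "mac-change" alerts (the gateway and both hosts are suddenly answered for by the same new MAC) followed by one "many-ips" alert for that MAC. In practice the same logic would be fed from a live capture, and the first "mac-change" on the gateway address is the one worth paging someone for; a genuine hardware replacement of the gateway also produces it, which is why tools of this kind keep a learned table and let an administrator confirm expected changes.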