Cybersecurity History: The 1st Man-in-the-Middle Attack
July 30, 2020
Cyber Security | Man-in-the-Middle
Wikipedia's list of security hacking incidents begins with a blurb about a 1903 hack involving Marconi (widely regarded as the inventor of radio). As cybersecurity enthusiasts, we couldn't help but go one level deeper to learn more. The details we found have everything one could want in a story about (if you'll allow us just a bit of leeway) the beginnings of cybersecurity history. Brilliant technologists (on both the creating and receiving ends of the hack). Intellectual curiosity. Timing. Famed participants. And, legendary post-incident debates. Let's dive in.
Who is Marconi?
Guglielmo Marconi (1874-1937) is a Nobel Prize winner whose lineage of invention included early work in radio transmission, radio telegraphs, and what came to be known as Marconi's Law. In retrospect, at the risk of understating his achievements, you might call him a very early innovator in what we now call wireless networks.
Nodes on a wireless network -- both then and now -- include playing the role of a transmitter and playing the role of a receiver (or sometimes both). And messages conveyed from the transmitter to the receiver are often intended only for the receiver, and for no one else. Right?
What if a transmitter on a wireless network sent a message. And the receiver received a message. Can the receiver trust that it came from the transmitter that they expected? Maybe.
In the case of Marconi and his company, an expert advisor to the company became the "victim" (although not perhaps in the sense of any enduring harm) of what is most likely the first Man-in-the-Middle attack in history. As the story goes, Professor Fleming (a leading advisor to Marconi) was demonstrating the groundbreaking ability to wirelessly transmit a message from one location to another. And the transmitter and receiver were prepared and ready for demonstration.
But, so was the "man in the middle," Mr. Maskelyne. Mr. Maskelyne set up his own receiver, intercepting the authentic message that was being sent from a location in Cornwall to a destination (receiver) at the Royal Institue. Mr. Maskelyne then, using his own receiver, transmitted a new/revised message (supposedly a sarcastic one, although we know of no precise record of the message contents). Presumably, Professor Fleming was none-too-amused to have a high-profile demonstration of wireless technology result in an unwelcome message from a "man in the middle" -- which presumably came as quite a surprise to him.
Fast Forward to Today
Owing to many evolving Man-in-the-Middle attacks that gained steam more widely in the 1980s and 1990s, elaborate systems of trust and encryption -- SSL for example -- were invented to combat many of the more mainstream man-in-the-middle types of attacks. Leaving room for a future story on this blog, we'll circle back in the future to describe some man-in-the-middle attacks that still persist today, and comment in more detail on what can be done to prevent them. In the meantime, we hope you enjoyed this brief trip back in the history of cybersecurity, where even the most prominent wireless technology expert of the time, came to realize that vulnerabilities and exploits bear consideration in any communications system.