Man-in-the-Middle Attacks

I have been reading Bruce Schneier's article for few months. Found the following piece pretty interesting how Man-in-the-Middle Attacks work. Trust is a pretty serious issue, it seems, in real as well as virtual world.

~~
Man-in-the-Middle Attacks

Last week's dramatic rescue of 15 hostages held by the guerrilla organization FARC was the result of months of intricate deception on the part of the Colombian government. At the center was a classic man-in-the-middle attack.

In a man-in-the-middle attack, the attacker inserts himself between two communicating parties. Both believe they're talking to each other, and the attacker can delete or modify the communications at will. The Wall Street Journal reported how this gambit played out in Colombia:

"The plan had a chance of working because, for months, in an operation one army officer likened to a "broken telephone," military intelligence had been able to convince Ms. Betancourt's captor, Gerardo Aguilar, a guerrilla known as "Cesar," that he was communicating with his top bosses in the guerrillas' seven-man secretariat. Army intelligence convinced top guerrilla leaders that they were talking to Cesar. In reality, both were talking to army intelligence."

This ploy worked because Cesar and his guerrilla bosses didn't know one another well. They didn't recognize one another's voices, and didn't have a friendship or shared history that could have tipped them off about the ruse. Man-in-the-middle is defeated by context, and the FARC guerrillas didn't have any."
~~