
Passive Attack vs Active Attack


The Start of the Conversation 

“Hi there, I am Grey Caesar”

“That is a catchy name, sir. I am Xl-Kal”.

GC – No Sir. You look a lot senior to me. I should call you sir.

Xl-Kal – I get it, mate. What brings you here to the hacking expo show?

GC – Oh yeah, I am into hacking. I am very fond of direct and active attacks in the systems.

Xl-Kal – I caught wind of you some days back in the news. You are that hacker who messed with a couple of multi-million e-commerce websites.

GC – How awesome is that! I have become popular that soon. Anyway, what do you do, sir?

Xl-Kal – Yup, I don’t do that sort of assault like you do. I incline toward the passive attack.

GC  – What does that mean, Sir?

Xl-Kal – I just observe or copy the contents. I try to read or make use of the information from the system.


“Passive and active attacks are the two fundamental types of security attacks. There are sub-categories under these two categories. Eavesdropping and traffic analysis are two types of passive attacks; Denial of Service, message modification, trojans, etc. are types of active attacks.”




GC (Active) – That means you don’t play around with the files and contents in the system.

Xl-Kal (passive) – No, I don’t modify the content of the messages. I am a threat to the confidentiality of the CIA triad.

GC (Active) – You’re kidding. You attack the Central Intelligence Agency?

Xl-Kal (Passive) – Not that kind of CIA. It is the CIA Triad, which is Confidentiality, Integrity, and Availability.

GC (Active) – My bad! So, my work of active attack is the threat to Availability. Isn’t it?

Xl-Kal (Passive) – Yes, and Integrity as well. You mess up the contents after attacking the system.

GC (Active) – Gotcha. You see it is fun to play around with the contents. Sometimes I do inform the victims about the attack for some thrill.

Xl-Kal (Passive) – Dude, chill out. I don’t prefer to inform the victims. I would rather be relatively invisible to avoid detection. That is the purpose of a passive attack.

GC (Active) – Hmmm. What will you do with the data?

Xl-Kal (Passive) – Whenever or whatever is required, I can make use of the information.

GC (Active) – Like blackmail or selling contents for money?

Xl-Kal (Passive) – Maybe. Something like that.

GC (Active) – I guess it must be difficult to detect the passive attack because you do not affect the systems directly like I do.

Xl-Kal (Passive) – You bet. I just simply listen to the messages exchanged by the entities. I love eavesdropping and can make use of it.

GC (Active) – So the traffic must be unencrypted for you to eavesdrop, right?

Xl-Kal (Passive) – Of course. If the information is encrypted, we also observe the frequency and length of the messages being exchanged. That is called traffic analysis.

GC (Active) – Sweet. Sorry, I’ve gotta go. It was great to meet you. Hope you don’t snoop on me, or else I will change your name and make you disappear.

Xl-Kal (Passive) – You bet, Mr. Richard!



There will be incidents that will go unnoticed. We need to figure out how to distinguish them before mitigating the risks. There will be a threat of unauthorized access, vulnerability exploitation, malware, improper usage, etc.

There is one more hacker who can be the enemy of Xl-Kal and Grey Caesar – it can be YOU. You can consider yourself a white-hat hacker who can help protect the organization from these threats. You can find out about different kinds of hackers in this blog.

Not all white-hat hackers have to learn hacking skills. You can protect the CIA Triad of your organization with knowledge of information security practices.


Arun Ramakrishnan, Lead Quality Assurance Consultant
